Industrial Cybersecurity Insider

You Think Your Plant Is Secure. Your Data Says Otherwise.

Mon, 30 Mar 2026 09:00:00 -0700

Craig Duckworth sits down with CIO and Chief Enterprise Architect Shellie D'Angelo to address why so many OT and IT modernization efforts stall out at the foundation.

Shellie explains why data governance must come before “another tool,” how inconsistent data quality quietly sabotages reporting and risk decisions, and why leadership transparency is the fastest path to maturity.

Craig and Shellie also explore the reality of shadow IT on the plant floor, the growing impact of AI as both a defensive advantage and an attacker accelerator, and the practical steps teams can take to move from reactive chaos to measurable business outcomes.

Chapters:

(00:00:00) Why honest risk conversations are the starting line
(00:01:00) Shellie’s background: rebuilding enterprise tech foundations
(00:02:00) OT/IT convergence: start with business drivers and data governance
(00:05:00) “Tools first” vs business-first security decisions
(00:08:00) Knowing what you have before buying more tools
(00:11:00) How far along are most organizations, really?
(00:15:00) AI as a double-edged sword: defense vs attacker acceleration
(00:18:00) Where to start: inventory first vs governance structure
(00:22:00) OT tech is often easier prey: PLCs, HMI/SCADA, cameras
(00:25:00) Partnering vs going it alone: don’t reinvent the wheel
(00:26:00) Tech debt and why technology can’t be an afterthought
(00:29:00) Governance should increase speed, not slow it down
(00:30:00) Final advice: “turn chaos into cash” and own your impact

Links And Resources:

Shellie D'Angelo on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Two Major Cybersecurity Shifts the Industry Isn't Prepared For with Simon Chassar

Tue, 24 Mar 2026 09:00:00 -0700

Dino Busalachi sits down with Simon Chassar, former Chief Revenue Officer at Claroty and current OT cybersecurity advisor and investor, to explore the evolution and future of industrial cybersecurity.

Simon shares insights from his decade-long journey in the space, discussing how OT asset visibility has become commoditized and why the industry is experiencing two major shifts: moving right toward threat-led SOC services and perimeter protection, and moving left toward secure-by-design approaches and attack simulation.

They dive into the persistent challenge of self-performing versus partnering with specialized integrators, the critical skills shortage commanding 30-40% salary premiums, and why AI is both accelerating security challenges and offering new solutions.

Simon reveals how private equity firms are finally prioritizing OT cybersecurity at the board level, discusses the emerging OT SOC landscape, and explains why the traditional IT security budget model is failing operational technology environments.

The conversation addresses the disconnect between IT leadership and the OT ecosystem, the proliferation of unmanaged remote access technologies, and the urgent need for manufacturers to engage their trusted system integrators and OEMs as cybersecurity partners before the next major incident occurs.

Chapters:

(00:00:00) - Meet Simon : From Claroty's Hypergrowth to OT Security's Next Chapter
(00:02:00) - The Commoditization of OT Asset Visibility
(00:04:00) - Two Major Industry Shifts: Right and Left
(00:07:00) - The Self-Performing Problem: Why OT Security Becomes Shelfware
(00:10:00) - IT/OT Convergence and the Skills Gap Crisis
(00:13:00) - Secure by Design and the AI Leapfrog
(00:15:00) - AI Uncovers Hidden OT Vulnerabilities and Risks
(00:18:00) - Funding Models and Private Equity's Cybersecurity Awakening
(00:22:00) - Why the OT Ecosystem Must Drive Its Own Security Strategy
(00:25:00) - M&A Activity and Consolidation in OT Cybersecurity
(00:27:00) - The Rise of OT SOCs and MSP Partnerships

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Connected Plant Floor: What S4X26 Revealed

Mon, 16 Mar 2026 09:00:00 -0700

Craig and Dino recap their experience at S4X26, the leading global OT cybersecurity conference in Miami.

They discuss the conference's "connected" theme and how AI is creating an inflection point in industrial cybersecurity, driving unprecedented connectivity between IT and OT environments.

The hosts explore the challenges of the "silver tsunami" as experienced engineers retire, how AI-powered tools are being embedded directly into edge devices and industrial products from vendors like Cisco and Fortinet, and why the regulatory landscape in Europe is advancing faster than other regions.

They emphasize the importance of connecting with peers and partners in the OT security community, highlight key vendors and technologies showcased at the event, and explain why both IT and OT professionals should attend S4X together to bridge the knowledge gap.

The episode concludes with details about next year's expanded conference in Tampa, February 8-11.

Chapters:

(00:00:00) - Random Encounter with Team USA Hockey in Miami
(00:01:00) - S4X26 Conference Kickoff: The "Connected" Theme
(00:03:00) - AI as the Inflection Point for OT Connectivity
(00:05:00) - AI Embedded in Edge Devices and Vendor Technologies
(00:07:00) - First-Time Attendee Experiences and Key Takeaways
(00:10:00) - Europe's Cyber Resiliency Act and Regulatory Advancements
(00:12:00) - Vendor Presence and the OT Technology Marketplace
(00:14:00) - S4X27 Moving to Tampa: February 8-11, 2027
(00:16:00) - AI's Role in Addressing the Silver Tsunami
(00:18:00) - Final Thoughts: Why IT and OT Teams Should Attend Together

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Hidden Cost of Siloed OT Security Tools

Wed, 11 Mar 2026 09:00:00 -0700

As we look back, Craig and Dino tackle a critical disconnect in industrial cybersecurity: the failure to share OT security tool data with the people who actually need it.

They explore why IT teams often purchase and deploy OT IDS platforms without engaging plant floor teams, system integrators, and OEMs who are actively working in manufacturing environments.

The conversation reveals that 85% of data collected by these tools is meant for OT teams to act on, yet it rarely reaches them.

They discuss the consequences of this siloed approach—including system integrators bringing their own tools to fill the gap—and provide practical advice on achieving true IT/OT convergence.

The episode emphasizes the importance of working with partners who can "build the car" rather than just "sell the car," and challenges organizations to evaluate whether they're truly practicing IT/OT convergence or just paying lip service to it.

Chapters:

(00:00:00) - The Data Sharing Problem in OT Cybersecurity
(00:01:00) - Why System Integrators Can't Access Security Tool Data
(00:04:00) - Who's Keeping the Data and Why
(00:08:00) - The IT/OT Oil and Water Problem
(00:11:00) - When System Integrators Bring Their Own Tools
(00:14:00) - Questions to Ask Your Cybersecurity Partners
(00:17:00) - The Car Analogy: Buyers vs. Builders
(00:19:00) - Who Asset Owners Really Trust
(00:21:00) - The Three-Legged Stool of OT Security
(00:23:00) - The Path to True IT/OT Convergence

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity Outlook

Mon, 02 Mar 2026 16:00:00 -0700

LuRae Lumpkin, Producer of Industrial Cybersecurity Insider, sits down with industrial cybersecurity expert Dino Busalachi to break down the 2026 World Economic Forum Global Cybersecurity Outlook Report and what it really means for manufacturers.

While the report surveyed nearly a thousand CEOs, CIOs, and CISOs, Dino reveals a critical blind spot: industrial control systems and OT environments are being left dangerously exposed.

They discuss how AI is becoming a double-edged sword for attackers and defenders, why supply chain vulnerabilities remain unaddressed, the shocking lack of cybersecurity skills on plant floors, and why most companies still aren't conducting incident response exercises.

Dino shares real-world insights from working in nearly 2,000 plants over four decades, explaining why IT and OT remain disconnected, how remote access creates massive security gaps, and why outdated equipment with decades-old vulnerabilities sits unpatched in critical manufacturing environments.

The conversation reveals that while enterprises focus on IT security, the plant floor—where revenue is actually generated—remains critically vulnerable, with potentially catastrophic consequences for businesses, supply chains, and even national GDP.

Chapters:

(00:00:00) - Introduction and Overview of WEF 2026 Cybersecurity Report

(00:01:00) - Where Cybersecurity Funding Actually Goes: IT vs OT Reality

(00:03:00) - The Myth of Disconnected Legacy Equipment (00:05:00) - AI as a Double-Edged Sword in Industrial Environments

(00:08:00) - The Vulnerability Crisis: Thousands of Unpatched Systems

(00:09:00) - Third-Party and Supply Chain Security Gaps

(00:12:00) - Remote Access: The Hidden Attack Vector

(00:14:00) - Critical Supplier Dependencies and Decentralized OT

(00:15:00) - The Skills Gap: Why Industrial Cybersecurity Expertise is Scarce

(00:19:00) - The Shocking Truth About Incident Response Exercises

(00:22:00) - Real-World Impact: When Manufacturers Get Hit

(00:24:00) - Getting All Stakeholders in the Same Room

(00:28:00) - Insurance vs Prevention: The True Cost of Cyber Incidents

(00:29:00) - Final Thoughts: Who Should Own OT Cybersecurity?

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

IT SOC vs OT SOC How & Why They’re Different

Wed, 25 Feb 2026 03:45:00 -0700

Craig and Dino tackle the critical differences between IT and OT Security Operations Centers, revealing why traditional IT-centric SOCs are failing to protect manufacturing environments.

Drawing from real-world examples, including a global beverage company that discovered they were only monitoring one-third of their OT assets, the hosts expose the fundamental disconnect between IT security teams and operational technology environments.

They discuss why IT SOCs struggle with OT visibility, the challenges of asset inventory in dynamic manufacturing environments, and the critical importance of localization in security operations.

The conversation covers practical barriers like line changeovers, PLC modifications, remote access vulnerabilities, and the need for OT-specific incident response protocols.

Craig and Dino emphasize that effective OT security requires IT teams to become embedded in plant operations, working collaboratively with OEMs and system integrators, and understanding the unique operational context of manufacturing assets.

This episode is essential listening for CISOs, plant managers, and security professionals trying to bridge the IT-OT security gap.

Chapters:

(00:00:00) - The Two-Thirds Problem: When Your SOC Can't See Your Plant Floor
(00:01:00) - The OT SOC Asset Visibility Problem: A Case Study
(00:03:00) - Why IT SOCs Can't Manage OT Assets
(00:05:00) - Line Changeovers and Operational Context
(00:07:00) - First Responders and Incident Response Challenges
(00:10:00) - The WannaCry Response Gap
(00:12:00) - Asset Inventory and Baseline Challenges
(00:15:00) - Incident Response and Phone Trees
(00:17:00) - Organizational Accountability Problems
(00:19:00) - Greenfield Opportunities and Standardization
(00:22:00) - The IT-OT Collaboration Challenge
(00:24:00) - Think Global, Act Local: Embedding IT in Plants

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Your OT Cybersecurity Strategy Is Failing: Here's Why

Tue, 17 Feb 2026 09:00:00 -0700

Dino and Craig reunite to tackle the shifts occuring in industrial cybersecurity in 2026.

They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor.

The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access.

They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.

The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments.

Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation.

They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise.

With threats mounting, the time for action is now—not next quarter.

Chapters:

(00:00:00) - Welcome & What We've Been Up To
(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services
(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused
(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments
(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team
(00:07:43) - Who Can Actually Patch Your Control Systems?
(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link
(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small
(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice
(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?
(00:19:00) - Why EDR Struggles in Control System Environments
(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore
(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences
(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity
(00:27:00) - Final Thoughts: The Time for Action Is Now

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Former NSA now Founder & CTO Breaks Cybersecurity Down: Satellites to Manufacturing

Tue, 10 Feb 2026 04:00:00 -0700

Dino sits down with Dick Wilkinson, CTO and co-founder of Proof Labs, to explore the intersection of space technology and industrial cybersecurity.

Dick shares his 20-year journey in the U.S. Army with the National Security Agency, transitioning from signals intelligence to becoming a CISO for critical infrastructure organizations, including New Mexico's Supreme Court and the Albuquerque water authority.

The conversation dives deep into the challenges of securing satellite systems with onboard intrusion detection and the persistent gap between IT and OT security teams. We also explore why the "castle wall" perimeter security model is dangerously outdated.

Dick reveals how AI is lowering the barrier to entry for both attackers and defenders, and discusses the real-world applications of satellite communications in oil and gas operations.

He also introduces a revolutionary physical layer-one air gap device called Goldilock Secure, which could transform how we protect remote industrial assets.

This episode is essential listening for CISOs, CTOs, and security leaders looking to understand emerging threats in space-based infrastructure and practical solutions for securing distributed industrial environments.

Chapters:

(00:00:00) - Dick's Journey: From NSA to Space Cybersecurity
(00:04:32) - What is Proof Labs and Why Space Security Matters
(00:08:15) - Satellites as OT Assets: Oil, Gas, and Critical Infrastructure
(00:12:47) - How Onboard Intrusion Detection Works in Spacecraft
(00:16:23) - The Castle Wall Problem: Moving Beyond Perimeter Security
(00:19:41) - IT vs OT: Bridging the Gap in Manufacturing Cybersecurity
(00:24:18) - AI's Impact: Lowering the Barrier for Attackers and Defenders
(00:27:35) - The Visibility Challenge: Why Most Plants Don't Know Their Assets
(00:30:12) - Goldilock Firebreak: A Physical Air Gap Device That Changes Everything
(00:35:20) - Real-World Applications for Remote Industrial Asset Protection

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Dick Wilkinson on LinkedIn
Proof Labs Website
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The IT-OT Knowledge Gap Costing Organizations Millions

Tue, 03 Feb 2026 09:00:00 -0700

Dino sits down with Adeel Shaikh Muhammad, a Dubai-based cybersecurity expert and researcher with 16+ years in IT and OT security. They dive into why IT and OT teams still can't communicate effectively.

The conversation reveals why most CISOs struggle to secure manufacturing environments. Adeel shares real-world insights from securing industrial systems across the Middle East, Africa, and Asia.

They tackle the implementation gap in OT SOCs and why legacy systems remain vulnerable. The discussion covers third-party access risks, OEM warranty restrictions, and system integrator challenges.

AI might finally solve IT-OT convergence by acting as a translator between these worlds. But first, organizations need to master the fundamentals: asset inventory, vulnerability management, and network segmentation.

Most companies still haven't nailed these basics in their industrial environments. This conversation cuts through the hype to focus on what actually works.

Chapters:

(00:00:00) - 16 Years in Cybersecurity: Why CISOs Don't Know What a PLC Is
(00:01:48) - Career Journey: From IT to OT Cybersecurity Focus
(00:02:48) - Books on AI Transforming Security Operations Centers
(00:04:44) - The Implementation Gap: Challenges Building OT SOCs
(00:06:40) - The IT-OT Cultural Divide and Missing Communication
(00:08:40) - Why the OT Ecosystem Must Proactively Bring Cybersecurity Tools
(00:10:00) - Can IT-OT Convergence Actually Happen?
(00:11:00) - AI as the Bridge: The Black Box Solution for IT-OT Communication
(00:12:42) - Legacy Systems Reality: Windows 7 Running $5M Equipment
(00:14:00) - OT Cybersecurity Conferences: S4, Intersec, and Rockwell Automation Fair
(00:16:00) - Market Consolidation: Who's Been Acquired in OT Security
(00:17:48) - Back to Basics: Asset Inventory, Vulnerabilities, and Network Segmentation
(00:18:40) - Third-Party Access Control and OEM Warranty Restrictions
(00:20:40) - Why We Can't Ignore Asset Inventory and Segmentation in OT Anymore

Links And Resources:

Adeel Shaikh Muhammad on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Patching Gap Putting Industrial Operations at Risk: IT vs OT

Tue, 27 Jan 2026 09:00:00 -0700

Craig and Dino tackle one of industrial cybersecurity's most critical challenges in this Rewind episode: the massive gap between IT and OT patching strategies.

IT organizations patch constantly—think Patch Tuesday. OT environments rarely patch at all, creating dangerous vulnerability gaps across connected networks.

The hosts explore why this disconnect exists. Production floor downtime costs are astronomical, making patching a risky business decision.

OEM restrictions complicate matters further. Many vendors won't support systems or warranties after unauthorized updates.

Managing decades-old equipment alongside modern systems creates another layer of complexity. Legacy PLCs weren't designed with patching in mind.

The consequences of not patching are mounting. Insurance companies are tightening requirements and regulatory pressures are intensifying.

Craig and Dino offer practical solutions that don't require shutting down production lines. Virtual patching technologies can protect legacy control systems without traditional software updates.

The hosts emphasize the urgent need for IT-OT collaboration. All stakeholders—including OEMs and system integrators—must be part of strategic cybersecurity conversations.

This episode is essential listening for CISOs, plant managers, and anyone responsible for protecting industrial operations. The connected world isn't waiting for OT to catch up.

Chapters:

00:00:00 - Introduction to Patching Challenges
00:01:08 - IT vs OT Patching: Key Differences
00:02:55 - Understanding the Cost of Downtime in OT
00:03:32 - Overcoming Challenges with Legacy Systems
00:05:21 - Navigating OEMs and Safety Concerns
00:06:45 - The Role of Safety in OT Patching
00:08:52 - Exploring Virtual Patching Solutions
00:13:11 - Enhancing Vendor Collaboration and Risk Management
00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity
00:18:33 - Addressing Insurance and Compliance Issues
00:20:12 - Significant Consequences of Not Patching
00:23:14 - Building an Effective Collaborative Cybersecurity Strategy
00:24:03 - Conclusion and Actionable Insights

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Four Distinct Companies & One Critical Gap—The Ownership Crisis in OT Security

Tue, 20 Jan 2026 04:00:00 -0700

This compilation episode brings together the most critical insights from Industrial Cybersecurity Insider conversations about the fundamental challenges plaguing OT security implementation and management.

Industry experts dissect why traditional IT security approaches fail catastrophically on the plant floor, revealing that the core issue isn't technology—it's ownership, collaboration, and understanding.

From the dangers of deploying endpoint detection without vendor qualification to the millions lost in unplanned downtime, this episode exposes the gap between security theory and operational reality.

Listeners will discover why cybersecurity tools are often shelfware, how the "have and have-not" world creates vulnerability gaps across manufacturing facilities, and what "left of boom" thinking means for preventing incidents before they happen.

Featuring hard-won lessons about shutdown windows, cyber-informed engineering, and the critical importance of building relationships between IT teams and plant floor operations, this episode delivers actionable intelligence for CISOs, plant managers, and anyone responsible for securing industrial control systems.

Chapters:

(00:00:00) - Introduction: The Core Problem of Ownership in OT Security
(00:01:45) - Why IT Security Approaches Fail on the Plant Floor
(00:04:30) - The Cloud Analogy: Lessons for OT Implementation
(00:07:15) - The Missing Conversation: Capital Plans and OEMs
(00:10:20) - IT vs OT Networks: Different Purposes, Different Risks
(00:13:35) - EDR in OT: The Aftermarket Parts Problem
(00:16:10) - Cyber-Informed Engineering: Building Security into Design
(00:19:45) - The Have and Have-Not World of Plant Security
(00:23:20) - Left of Boom: Visibility Beyond Security
(00:27:15) - Who Should Lead the OT Security Discussion

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Your New Equipment Just Shipped With Security Risks & Here's Why Your OEM Won't Fix Them

Tue, 13 Jan 2026 09:00:00 -0700

In this episode, Dino and Craig tackle one of manufacturing's most pressing challenges: the OEM blockade. They explore why brand-new equipment often ships with hundreds of unpatched vulnerabilities, how the gap between IT and OT teams creates operational blind spots, and why manufacturers can't rely on traditional IT solutions to secure their plant floors.

From the CrowdStrike incident that took down HMIs to the "ghost in the machine" causing unexplained downtime, they reveal why OT teams must take ownership of their cybersecurity posture and build partnerships with the right ecosystem of OT-focused service providers.

If you've ever wondered why your million-dollar machine center is running Windows 7 or why your cybersecurity reports don't match reality, this episode provides the answers—and a path forward.

Chapters:

(00:00:00) - The OEM Blockade Problem
(00:01:00) - Understanding OEM Software Lock and Remote Access
(00:03:00) - The Reality of Unpatched Vulnerabilities in New Equipment
(00:06:00) - The IT/OT Blockade and Convergence Challenges
(00:09:00) - Why IT Disciplines Don't Translate to OT Environments
(00:11:00) - The CrowdStrike Incident: What Really Happened on Plant Floors
(00:13:00) - The Lack of Due Diligence in Manufacturing M&A
(00:16:00) - Chasing the Ghost in the Machine
(00:19:00) - Process Integrity vs. Cybersecurity Tools
(00:22:00) - Why OT Teams Must Take Ownership and Build the Right Partnerships

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The CISO's Impossible Task: Protecting Plant Floors They've Never Seen

Tue, 06 Jan 2026 04:00:00 -0700

Craig and Dino tackle one of the most pressing challenges in industrial cybersecurity: the disconnect between IT security teams and operational technology environments.

They explore why traditional CISOs struggle to protect manufacturing plants despite their best intentions, revealing that most security executives get 30 minutes or less per quarter to present cyber risks to their boards—leaving little time to address the complexities of OT environments they barely understand.

The conversation digs into the fundamental differences between enterprise IT and plant floor operations, where safety and uptime trump traditional security approaches, and where telling an engineer to remove a Windows 7 machine from the network might mean shutting down millions of dollars in production.

Craig and Dino make a compelling case for why external expertise, cross-functional collaboration, and a fundamental shift in how organizations approach industrial cybersecurity are not just recommended—they're essential for survival in an evolving threat landscape where adversaries only need to get lucky once.

Chapters:

(00:00:00) - The IT Security Mindset vs. OT Reality
(00:01:00) - Has the CISO Really Engaged with Industrial Cybersecurity?
(00:03:00) - The Disconnect: IT Owns the Network, OT Owns the Assets
(00:05:00) - What CISOs Don't Know About the Plant Floor
(00:07:00) - Safety and Uptime: The Top Two Priorities CISOs Must Understand
(00:10:00) - The Asset Visibility Problem: Do You Really Know What's Out There?
(00:13:00) - 30 Minutes or Less Per Quarter: The CISO's Impossible Task
(00:16:00) - Why External Expertise Isn't Optional Anymore
(00:19:00) - The Cyber Insurance Myth: Why Your Policy Won't Save You
(00:22:00) - Secure by Demand: Holding Vendors Accountable
(00:25:00) - Getting to the "Know": Where to Start and What to Ask

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

IT and OT Are Still Siloed - Here's Why That's Dangerous

Tue, 30 Dec 2025 09:00:00 -0700

In this rewind episode, Craig and Dino tackle a critical disconnect in industrial cybersecurity: the gap between IT teams deploying OT security tools and the plant floor teams who desperately need the data these tools collect.

They reveal why 85% of data from industrial cybersecurity platforms is meant for OT personnel, yet rarely reaches them.

The conversation exposes how organizations invest heavily in tools like IDS platforms but fail to share vulnerability data, asset inventories, and network intelligence with the system integrators, OEMs, and plant teams actually working on their control systems.

Craig and Dino discuss the consequences of this siloed approach—from incomplete asset visibility to duplicated tooling—and offer practical guidance on achieving true IT-OT convergence.

They emphasize that organizations must work with partners who can "build the car, not just buy it," and stress the importance of tabletop exercises, proper vendor vetting, and collaborative frameworks that include the entire industrial ecosystem in cybersecurity planning and execution.

Chapters:

(00:00:00) - The Growing Problem: OT Teams Lack Access to Critical Security Data
(00:01:47) - IT-OT Convergence in Practice: Are We Really Doing It?
(00:04:42) - Why IT Teams Keep Security Data Siloed from Plant Floor Partners
(00:06:38) - The Consequence: System Integrators Bring Their Own Tools
(00:08:38) - The Disconnect Between IT Security Tools and OT Reality
(00:11:48) - How to Bridge the Gap: Questions System Integrators Should Ask
(00:15:42) - Vetting Your Security Partners: Can They Build the Car or Just Buy It?
(00:17:46) - The Three-Legged Stool: Why IT-Only Security Fails in Manufacturing
(00:20:48) - Action Steps: Creating a Comprehensive List of Your Industrial Ecosystem
(00:22:48) - Final Thoughts: Moving Beyond Security Theater to True Collaboration

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Hidden Reason Most Manufacturing Cybersecurity Programs Fail

Tue, 23 Dec 2025 04:00:00 -0700

Dino sits down with cybersecurity expert Wil Klusovsky to discuss the massive gap between IT security practices and OT reality. With 26 years of experience, Wil shares his unconventional journey into operational technology and reveals why most security tools end up as shelfware on plant floors.

They dive deep into the communication breakdown between CISOs and plant operations, the critical role of system integrators and OEMs that IT leaders often ignore, and why the "air gap" myth continues to put manufacturing facilities at risk.

Wil breaks down his framework for speaking to boards in language they understand, emphasizing business impact over technical jargon.

The conversation covers everything from the challenges of MFA implementation in OT environments to why patching isn't always the answer. They discuss how organizations can build effective OT security programs by making cybersecurity everyone's responsibility - not just IT's problem.

Chapters:

(00:00:00) - Opening: The $50K Security Investment That Nobody Uses
(00:01:00) - Will's Unconventional Journey Into OT Cybersecurity
(00:03:45) - The Communication Gap Between IT and OT Teams
(00:07:15) - Why Asset Visibility Tools Miss 135% of Your Equipment
(00:10:30) - Speaking Board Language: Revenue Loss vs. Technical Jargon
(00:13:25) - The Missing Third Leg: System Integrators and OEMs
(00:17:30) - Making Cybersecurity Everyone's Job, Not Just IT's Problem
(00:21:15) - Why Patching Isn't Always the Answer in OT Environments
(00:25:45) - The Reality Check: Physical Security in Manufacturing Plants
(00:28:30) - Building a Cybersecurity Program as a Journey, Not a Destination

Links And Resources:

Wil Online Linktree
Wil Klusovsky on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Why OT Must Lead the Manufacturing Cybersecurity Conversation

Wed, 17 Dec 2025 09:00:00 -0700

Katie O'Brien shares her unconventional journey from music teacher to industrial cybersecurity expert, bringing over 25 years of IT experience into the OT world.

In this conversation with Dino, Katie discusses the critical gaps in OT cybersecurity—from the lack of university programs teaching industrial security to the disconnect between IT and OT teams.

They explore why system integrators and OEMs fail to design cybersecurity into new manufacturing projects from the start, compare it to building cars without safety features, and discuss the emergence of managed services in the OT space.

Katie explains how Garland Technology helps organizations get visibility into aging infrastructure with unmanaged switches, and both hosts emphasize the urgent need for the OT ecosystem to drive cybersecurity conversations proactively rather than waiting for IT teams who may never have walked the plant floor.

Chapters:

(00:00:00) - The Hard Truths About OT Security Nobody Wants to Hear
(00:01:06) - Katie's Unconventional Journey: From Music Teacher to OT Cybersecurity Expert
(00:04:00) - The Current State of OT Cybersecurity and Future Directions
(00:06:00) - The Education Gap: Why Universities Aren't Teaching Industrial Cybersecurity
(00:08:00) - The Disconnect Between IT/Security Teams and OT Operations
(00:10:00) - Designing Cybersecurity Into New Manufacturing Projects From the Start
(00:13:00) - IT Teams Who've Never Walked the Plant Floor
(00:16:00) - The Emergence of Managed Services in the OT Space
(00:18:00) - Garland Technology: Getting Visibility Into Aging Infrastructure
(00:19:00) - Software Defined Automation and the Future of Industrial Control
(00:22:00) - Why the OT Ecosystem Must Drive the Cybersecurity Conversation
(00:24:00) - The Real Cost of Downtime and Cyber Incidents in Manufacturing

Links And Resources:

Katie O'Brien on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

How OT Managed Services Are Revolutionizing Industrial Cybersecurity

Tue, 09 Dec 2025 04:00:00 -0700

Dino sits down with industrial automation and industrial cybersecurity expert Kevin Kumpf, fresh off the floor of Rockwell Automation Fair 2025.

They discuss why OT managed services are finally becoming viable for manufacturing, the critical 80/20 split between people and technology challenges, and how the industry's "silver tsunami" of retiring talent is forcing a reckoning.

Kevin shares insights on building unified platforms that can manage everything from 30-year-old paper tape systems to AI-powered smart factories, why IT's "patch now" mentality fails in OT environments, and how the DG 360 platform is delivering true cyber-physical convergence today - not tomorrow.

They discuss the reality that most OT cybersecurity tools only discover 30% of plant assets, the importance of human-in-the-loop decision making, and why the OT ecosystem - not IT - must drive the managed services revolution.

This is a must-listen for anyone struggling with the complexity of protecting and managing modern manufacturing facilities.

Chapters:

(00:00:00) - Introduction and Rockwell Automation Fair Recap
(00:01:43) - The OT Managed Services Evolution and Rebranding
(00:04:15) - The Three-Legged Stool: IT, OT, and OEMs
(00:07:32) - Point Solutions vs. Unified Platforms in Manufacturing
(00:10:45) - The DG 360 Vision: 360-Degree Plant Visibility
(00:14:28) - The Silver Tsunami and Training Challenges
(00:18:22) - Alert Fatigue and Actionable Intelligence
(00:22:45) - Software Defined Automation and Legacy Systems
(00:26:18) - Why OT Must Drive the Cybersecurity Conversation
(00:30:35) - Real-Time Demo and Implementation Readiness

Links And Resources:

Kevin Kumpf on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Former U.S. Secret Service Special Agent Shares Cyber Criminal Secrets

Tue, 02 Dec 2025 09:00:00 -0700

Former U.S. Secret Service Special Agent Richard LaTulip joins Craig Duckworth to reveal the hidden world of cyber criminal networks and infrastructure attacks.

Drawing from his undercover work infiltrating dark web forums and catching some of the world's most sophisticated threat actors, Richard breaks down why traditional security approaches fail, how ransomware attacks actually cost organizations millions if not billions beyond the ransom payment itself, and why the timeline between compromise and detection has shrunk from months to minutes.

He shares jaw-dropping statistics on vulnerability management failures, explains how adversaries are using AI to become exponentially more dangerous, and provides actionable insights for building resilient security programs that protect what matters most to your business.

Whether you're defending critical infrastructure or managing security for a manufacturing organization, this conversation offers a rare insider perspective on the evolving threat landscape and what it takes to stay ahead of increasingly sophisticated cyber criminals.

Chapters:

(00:00:00) - Meet the Ex-Secret Service Agent Who Infiltrated Underground Cyber Criminal Networks
(00:03:00) - Inside Operation Carder Kaos: Going Undercover in the Dark Web
(00:06:00) - The Real Price Tag: Why Ransomware Costs Go Far Beyond the Ransom
(00:11:00) - When Production Lines Go Dark: The Hidden Costs of Manufacturing Downtime
(00:14:00) - Reality Check: How Prepared Is Your Organization for a Cyber Attack?
(00:17:00) - The AI Arms Race: How Adversaries Are Weaponizing Artificial Intelligence
(00:21:00) - 2027 Threat Landscape: What Keeps a Field CISO Up at Night
(00:24:00) - Follow the Bitcoin: How Cyber Criminals Launder Billions Through Cryptocurrency
(00:31:00) - Why Speed Matters: The Critical Window for Law Enforcement Notification
(00:33:00) - The Security Leader's Playbook: Threat Intelligence + Business Context

Links And Resources:

Richard LaTulip on LinkedIn
Richard's Book: Operation Carder Kaos
Recorded Future
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Perception vs. Reality: Why Your Plant Floor Might Not Be as Secure as You Think

Tue, 25 Nov 2025 04:00:00 -0700

In this eye-opening conversation, Dino and Craig address a critical issue facing manufacturing organizations today: the dangerous gap between perceived and actual cybersecurity preparedness in operational technology (OT) environments.

They discuss why many organizations "don't know what they don't know" when it comes to securing industrial control systems, the myth of isolated manufacturing equipment, and why 25% of companies still lack comprehensive OT asset monitoring.

Drawing powerful parallels to safety protocols, they explain why cybersecurity must become as ingrained in plant culture as wearing a hard hat on the factory floor.

Their bottom line: Back up your beliefs with data, treat every system as if it's connected, and verify, don't just trust, your security posture. In OT cybersecurity, perception isn't reality, and that gap could cost not only millions but also brand perception and even human life.

This episode is a must-listen for anyone serious about protecting their industrial environments.

Chapters:

00:00:00 - Kicking Off: Are You Truly Secure or Just Comfortable?
00:01:15 - OT Security Reality Check: Do You Really Know Your Risks?
00:01:45 - The Hidden Challenges Holding OT Security Back
00:03:15 - Lack of Skilled Resources: The Biggest Barrier to Security
00:05:30 - Security Frameworks: Are They Reaching the Plant Floor?
00:06:15 - The Dangerous Myth of “Isolated” OT Systems
00:07:58 - From Theory to Action: Winning Strategies for OT Security
00:12:13 - Leadership’s Role in Cybersecurity: Who’s Driving the Change?
00:19:55 - No More Blind Spots: Key Takeaways for a Secure Future

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Silver Tsunami: Manufacturing's Talent and Knowledge Retirement Crisis

Tue, 18 Nov 2025 04:00:00 -0700

In this milestone 100th episode, Craig and Dino tackle the critical intersection of workforce retirement and industrial cybersecurity knowledge in manufacturing.

They explore how 82% of manufacturing workforce exits are due to retirement, creating a dangerous knowledge vacuum as decades of plant expertise walk out the door.

The conversation reveals why traditional IT security tools consistently miss 50-70% of OT assets, the problematic practice of buying equipment that's obsolete before installation, and why plant operators bypass corporate security policies when downtime costs a million dollars per day.

Craig and Dino state that the solution isn't just better tools, it's bridging the gap between centralized IT teams and the decentralized OT ecosystem by partnering with the system integrators and OEMs who actually keep plants running.

They discuss how manufacturers must choose between multi-million dollar capital investments in modern equipment or implementing proper network segmentation and security around legacy systems.

They address the reasons why the next generation of talent won't be attracted to facilities running decades-old technology.Chapters:

(00:00:00) - Introduction and Industry Growth Update
(00:02:15) - The Silver Tsunami: 82% of Manufacturing Exits Are Retirements
(00:05:42) - Why IT Security Tools Miss 50-70% of OT Assets
(00:09:18) - The Knowledge Vacuum: What Happens When Experience Walks Out
(00:13:05) - Why Plant Operators Bypass Corporate Security Policies
(00:16:30) - The Problem with Buying Obsolete Equipment
(00:19:45) - Centralized IT vs Decentralized OT: Bridging the Gap
(00:23:20) - Building Partnerships with System Integrators and OEMs
(00:26:50) - Capital Investment vs Network Segmentation Strategy
(00:29:35) - Attracting Next-Gen Talent to Manufacturing Environments

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Nation-State Attacks Hiding in Your OT Network

Wed, 12 Nov 2025 10:00:00 -0700

In this episode of the Industrial Cybersecurity Insider, Craig Duckworth sits down with Matthew Carr, co-founder of Atumcell and OT penetration testing expert with fifteen years of experience securing operational technology systems.

Matthew shares his journey from vulnerability research to specializing in cyber-physical security, recounting the pivotal moment when his exploit code stopped a production line at a major car manufacturer.

The conversation addresses the critical gaps in OT security, including why most organizations are unaware of what's actually on their networks, the dangers of default passwords on IoT devices, and how attackers often use espionage rather than ransomware to remain undetected.

Matthew reveals how his team safely conducts pentests in production environments, develops proprietary detection rule sets, and helps organizations understand their infrastructure through network mapping.

The discussion encompasses a range of topics, from the risks associated with smart TVs in conference rooms to the motivations behind nation-states targeting critical infrastructure, culminating in practical advice on developing a cybersecurity roadmap for cyber-physical systems.

Chapters:

(00:00:00) - Welcome and Introduction to Matthew Carr's OT Security Journey
(00:02:30) - The Moment Exploit Code Stopped a Production Line at a Major Car Manufacturer
(00:06:15) - Why Most Organizations Don't Know What's Actually on Their OT Networks
(00:09:45) - The Three Pillars of Adamzsel: Pentesting, Monitoring, and Tabletop Exercises
(00:14:20) - How Attackers Know Your Infrastructure Better Than You Do
(00:18:50) - Smart TVs in Conference Rooms: The Hidden Security Risk with Root Access
(00:22:30) - Espionage vs Ransomware: The Cyber Attacks No One Is Talking About
(00:26:45) - Why Default Passwords on IoT Devices Are an Attacker's Favorite Entry Point
(00:30:20) - Building a Cybersecurity Roadmap for Cyber-Physical Systems
(00:33:15) - Closing Thoughts and Free OT Security White Paper from Adamzsel

Links And Resources:

Atumcell Website
Matthew Carr on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

When IT Security Meets OT Reality: Why One Size Doesn't Fit All

Wed, 05 Nov 2025 09:00:00 -0700

What happens when IT cybersecurity practices collide with OT operational realities? In this episode, Jim and Dino expose the costly mistakes organizations make when applying IT security playbooks to manufacturing environments.

Discover why zero trust architectures can halt production, how shadow IT thrives on every plant floor, and why remote access policies designed for corporate networks fail in industrial settings.

Learn the critical importance of OT-tailored asset inventories, the need for IT/OT collaboration, and why digital safety must be treated with the same urgency as physical safety.

If you're struggling to bridge the gap between IT security mandates and OT operational needs—or if you've ever watched a well-intentioned security policy bring production to a halt—this episode is your roadmap to getting it right.

Chapters:

(00:00:00) - Introduction and Episode Overview
(00:01:19) - IT vs OT Security Mindsets
(00:02:03) - Zero Trust Challenges in OT Environments
(00:05:12) - Remote Access and Change Management Conflicts
(00:09:00) - Who Should Learn from Whom: IT or OT?
(00:10:23) - Asset Inventory: What OT Engineers Don't Know
(00:15:00) - Process Integrity and Operational Value
(00:21:57) - Shadow IT: The Backdoors Nobody Talks About
(00:26:00) - Designing Security Into New Equipment
(00:28:00) - Digital Safety vs Physical Safety

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
Jim Cook on LinkedIn

Dispelling IT/OT Convergence Challenges and Myths

Tue, 28 Oct 2025 09:00:00 -0700

In this episode, Craig and Dino tackle IT/OT convergence, operational technology security, and manufacturing cybersecurity challenges head-on.

They challenge the notion of OT being a "shadow IT group" and explore the fundamental differences between IT and OT operations in industrial environments.

The discussion emphasizes that OT focuses on safety and physical outcomes, while IT prioritizes data security.

They stress the importance of collaboration between IT and OT teams, highlighting how system integrators, OEMs, and plant operators must work together to improve cybersecurity posture.

The conversation covers practical issues like Overall Equipment Effectiveness (OEE), incident response, and the need for proper funding and governance.

Both advocate for CISOs and CIOs to actively engage with OT teams and system integrators, visit manufacturing facilities, and understand the unique challenges of industrial control systems to achieve true convergence and protect manufacturing plants and critical infrastructure.

Chapters:

00:00:00 - Opening Shot: Who’s Really in Charge—CIOs or the Plant Floor?
00:00:57 - Collision Course: IT and OT Can’t Keep Dodging Each Other
00:01:52 - Two Worlds, One Mission: Why OT Isn’t Just “IT in a Hard Hat”
00:04:07 - When Convergence Fails: What’s Missing in the Middle
00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration
00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor
00:10:46 - OT’s Tipping Point: Will the Next Move Come from IT, or the Shop Floor?
00:17:32 - Your Move: What Leaders Must Do Next (Before It’s Too Late)

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

What Actually Works in OT Vulnerability Management with Dan Cartmill, TXOne Networks

Tue, 21 Oct 2025 09:00:00 -0700

In this episode of the Industrial Cybersecurity Insider, host Dino sits down with Dan Cartmill, Sr. Global Product Marketing Director for TXOne Networks, to discuss the often misunderstood world of OT vulnerability management.

Dan brings a unique perspective, having started as a practitioner 17 years ago, before transitioning to the vendor side. The conversation explores why simply creating a list of vulnerabilities isn't enough – and what organizations should actually be doing to reduce risk in their OT environments.

Chapters:

00:00:00 - Introduction and Dan's Background
00:02:00 - Biggest Misconceptions About OT Vulnerability Management
00:04:00 - Blind Spots in OT Vulnerability Scanning
00:07:00 - Finding Vulnerabilities: OT vs IT Differences
00:10:00 - Proactive Approaches to Unknown Vulnerabilities
00:12:00 - How TX One Addresses Vulnerabilities Non-Disruptively
00:15:00 - Virtual Patching and Operations-First Philosophy
00:18:00 - IT/OT Convergence and Team Collaboration
00:21:00 - Building Relationships with Third-Party Partners
00:23:00 - Tabletop Exercises and Incident Response Planning
00:26:00 - Key Takeaway: Never Forget Your Original Objectives
00:28:00 - Dealing with Event Overload and Zero-Day Vulnerabilities

Links And Resources:

Dan Cartmill on LinkedIn
TXOne Networks
Dino Busalachi on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Craig Duckworth on LinkedIn

Industrial Cybersecurity: The Gap Between Investment and Cyber Event Prevention

Tue, 14 Oct 2025 09:00:00 -0700

In this episode, Craig and Dino address why manufacturers still suffer incidents after spending millions on OT security tools. They discuss how to convert those investments into measurable risk reduction.

You'll learn why buying tools isn't a strategy. Get insights into how to validate asset visibility on the floor (not just the network map), practical ways to reduce alert fatigue and assign ownership, how to close the OT incident response gap by connecting SOC to operators, the realities of flat Layer 2 networks and undocumented zones, how to handle technical debt at scale (EOL firmware, unpatched HMIs, safe upgrade paths), and why "everyone is responsible" often means no one is.

Expect candid discussion on alert fatigue, flat networks, and the human constraints driving today's gaps, plus a concrete checklist for building a coalition that actually works to protect production environments.

Chapters

00:00:00 – Why incidents still happen after major OT cyber spend

00:02:30 – Tools vs. outcomes: underusing capabilities and alert fatigue

00:05:50 – Who owns plant‑floor cyber? Why CISOs, CIOs, OEMs, and SIs talk past each other

00:08:10 – Define the use case before tuning sensors and policies

00:10:00 – OT IR is missing: operators are the first responders

00:11:20 – Network reality check: flat L2, VLAN gaps, and unmanaged switches

00:13:30 – Change management and patching in OT: risk, downtime, and technical debt

00:15:20 – Skills and staffing: the silver tsunami and "jack of all trades" constraints

00:18:00 – What outside partners can and cannot do in plants

00:21:00 – Visibility blind spots: validating coverage with floor‑level walkthroughs

00:24:00 – It won’t stick without a coalition: getting plant managers, engineering, OEMs, and SOC aligned

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Hidden Cybersecurity Vulnerabilities in Today’s Data Centers

Mon, 06 Oct 2025 09:00:00 -0700

In this episode, Scott Cargill, Partner of BW Design Group, joins Craig and Dino. Together they dissect the critical vulnerability gap in data center operational technology infrastructure.

While most data centers implement robust IT security protocols, their building management systems controlling cooling, power distribution, and environmental controls remain significantly under-protected.

Cargill provides technical analysis of how the rapid expansion of data center capacity for AI workloads has outpaced OT security implementation, creating exploitable attack vectors where minutes of system compromise could cascade into millions in equipment damage and service disruption.

Through evidence-based examination and industry insights, this episode offers CISOs and OT security professionals a practical framework for addressing the IT-OT security convergence challenge in mission-critical facilities.

They offer actionable strategies for vulnerability assessment, segmentation, and defense-in-depth implementation.

Chapters:

- 00:00:00 - Meet Scott Cargill of BW Design Group

- 00:02:30 - Data centers expanding for AI

- 00:04:40 - Critical BMS vulnerabilities being ignored

- 00:07:40 - Alarming OT security reality

- 00:09:40 - Why OT security remains deprioritized

- 00:12:10 - IT-OT security convergence challenges persist

- 00:16:35 - Manufacturing parallels to data centers

- 00:20:10 - Security solutions evolution underway

- 00:21:45 - Managed services necessity for OT

- 00:24:42 - Thought leadership driving industry standards

Links and Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Scott Cargill on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Building OT Cybersecurity That Works in the Real World

Tue, 30 Sep 2025 09:00:00 -0700

Industrial environments are complex. Aging systems, distributed plants, and a crowded vendor landscape make “buy another tool” a tempting but often costly reflex.

In this episode, Dino Busalachi talks with Danielle “DJ” Jablanski, about moving from paper programs to measurable progress in OT security. They address why competence and capacity must come before capabilities, how to right-size your technology stack through tool rationalization, and why interdependence mapping is foundational for real resilience.

00:00:00 – Why OT maturity often stalls
00:06:00 – Where to focus first: assets, segmentation, and access
00:08:20 – Governance gaps: frameworks on paper vs. controls in practice
00:10:10 – Interdependence mapping beyond "crown jewels"
00:12:30 – Operators as first responders and safe-state realities
00:16:15 – Vendor and OEM ecosystems: who owns the response plan?
00:20:10 – Threat intel's limits: effects‑based security over means‑based noise
00:22:00 – Incident readiness in plants: plans, practice, and ownership
00:26:00 – Supply chain fragility and concentration risk in manufacturing
00:29:30 – Tool rationalization: measuring ROI, coverage, and usability

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
DJ's Blog on Interdependence Mapping: https://claroty.com/blog
Danielle Jablanski on LinkedIn
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Mitsubishi’s Billion-Dollar Bet on OT Cybersecurity with Nozomi Acquisition

Tue, 23 Sep 2025 09:00:00 -0700

Hosts Craig and Dino discuss Mitsubishi's billion-dollar acquisition of Nozomi Networks and its implications for operational technology cybersecurity. They address how this major deal affects the industrial security market.

The conversation covers IT/OT convergence challenges, managed services, vendor partnerships, and AI in cybersecurity decision-making.

Craig and Dino share practical insights for security leaders and engineering professionals working in industrial environments.

Topics covered:

• Why Mitsubishi made this $1B investment

• How this affects choosing security vendors

• The growing role of managed services in OT security

• What organizations should do to prepare for changes

For cybersecurity professionals, industrial engineers, and executives working with operational technology and cyber defense.

Chapters:

00:00:00 - Welcome to Industrial Cybersecurity Insider Podcast
00:01:26 - A Trend of Cybersecurity Platform Acquisitions
00:02:03 - The "Cyber-Informed Engineering" Play
00:02:52 - Market Impact: Setting a Billion-Dollar Bar for Competitors
00:05:06 - A Lack of Expertise and Resources
00:05:48 - The Challenge of Building an In-House Team vs. Using Managed Services
00:07:40 - Embedding Security Directly into Hardware Controllers
00:09:33 - How Competitors Like Rockwell Might React
00:10:00 - IPO or Acquisition?
00:14:42 - The On-Prem vs. Cloud Debate in Manufacturing Environments
00:16:50 - 87% of Organizations Are Lagging in Cybersecurity Maturity
00:17:20 - The IT/OT Resource and Knowledge Gap
00:18:54 - The Need for CIOs to Partner with OT Systems Integrators
00:21:25 - The "OnStar" Model for Industrial Security
00:22:15 - The Reality of Vendor Lock-In and Warranty Issues
00:24:14 - OT Needs to Own Its Cybersecurity Strategy
00:25:12 - The Risk of Underutilized Security Tools

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Responsibility Without Authority: The CISO's Industrial Cybersecurity Dilemma

Tue, 16 Sep 2025 08:15:00 -0700

In this episode, Craig and Dino address one of the most pressing challenges in industrial cybersecurity: the gap between responsibility and authority for CISOs and their ability to protect manufacturing and critical infrastructure plant floors.

While executives are tasked with ensuring resilience and reporting to the board, they often hit resistance at the plant floor where production uptime and safety KPIs take priority.

The conversation explores IT/OT convergence, asset visibility blind spots, OEM restrictions, and the risks of relying on remote-only deployments.

With insights from decades of hands-on experience in industrial environments, Craig and Dino outline practical steps for building bridges between IT and OT, aligning financial risk with security strategy, and equipping CISOs with the authority they need to succeed.

Chapters:

00:00:00 - Welcome to the Industrial Cybersecurity Insider Podcast
00:01:11 - The CISO's Core Conflict of Responsibility Without Authority
00:02:45 - Why Security Efforts Get "Kneecapped at the Front Door"
00:04:04 - Understanding the OT Environment and Its Unique Technology
00:05:36 - Building Bridges Between IT and OT as the Solution
00:07:44 - Overcoming OT's "Skittish" Resistance to IT
00:09:43 - The Scaling Problem of Too Few Engineers for Too Many Plants
00:10:57 - Why a Remote-First Approach Fails in Manufacturing
00:14:44 - The "Epiphany" of Uncovering Operational Benefits for OT Teams
00:17:24 - Navigating OEM Warranties and Equipment Restrictions
00:19:14 - The "Trust but Verify" Mandate for a CISO
00:20:56 - The Danger of Hidden Networks and the "Air Gap" Myth
00:23:16 - Speaking the Language of Business in Dollars and Cents
00:24:43 - Aligning Security with the Plant's Capital Master Plan
00:27:24 - How Company Ownership Affects Security Investment
00:28:16 - How to Give the CISO Real Authority

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Critical Role of Local Knowledge in Industrial Cybersecurity

Tue, 09 Sep 2025 09:45:00 -0700

In this essential rewind episode, Dino Busalachi and Craig Duckworth address a fundamental challenge facing practitioners in the field: effectively securing operational technology (OT) environments through local expertise and proper data collection.

The Power of Local Partnership

Dino emphasizes a crucial principle that often gets overlooked in cybersecurity implementations: "The only way you can act local is you've got to work with those folks that are in those plants every day, all day."

This insight highlights why external cybersecurity consultants must forge strong partnerships with on-site operational teams who possess intimate knowledge of their industrial environments.

These local experts understand the nuanced details that can make or break a security implementation. This includes everything from vendor schedules and machine operations to maintenance windows and downtime planning.

They know when critical systems are most vulnerable and which processes absolutely cannot be interrupted.

Chapters:

00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success
00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration
00:01:49 - Unpacking the Challenges of IT/OT Convergence
00:02:28 - Why IT and OT Teams Often Struggle to Align
00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity
00:07:33 - The Role of CIOs and CISOs in Driving Change
00:08:44 - Navigating the Complexities of Diverse Plant Environments
00:10:23 - Partnering with Vendors to Enhance Security Outcomes
00:11:16 - Key Questions to Evaluate System Integrators Effectively
00:16:35 - Using Tabletop Exercises to Align IT and OT Teams
00:22:20 - Closing Thoughts: Bridging the Divide for Unified Cybersecurity

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

FBI Alerts, OT Vulnerabilities, and What Comes Next

Wed, 03 Sep 2025 04:00:00 -0700

In this episode, Craig and Dino break down the FBI’s latest cybersecurity advisory and what it means for industrial organizations.

From Cisco hardware vulnerabilities on the plant floor to the widening gap between IT and OT security teams, they address the critical blind spots that attackers often exploit.

They discuss why manufacturing has become ransomware’s “cash register,” the importance of continuous monitoring and asset visibility, and why every organization must have an incident response plan in place before a crisis.

This episode is packed with real-world insights and actionable strategies. It's a must-listen for CISOs, CIOs, OT engineers, and plant leaders safeguarding manufacturing and critical infrastructure.

Chapters:

00:00:52 - Welcome to Industrial Cybersecurity Insider Podcast
00:01:21 - A New FBI Advisory on Nation-State OT Threats
00:02:37 - Cisco Hardware on the Plant Floor Targeted in Advisory
00:03:18 - The IT/OT Disconnect: OT Assets are Often Invisible to InfoSec Teams
00:04:19 - The Awareness Gap: Critical Security Alerts Fail to Reach OT Operations
00:04:54 - The OT Cybersecurity Skills Gap and Cultural Divide
00:07:32 - Why All Manufacturing is Critical, Citing the JBS Breach
00:08:37 - The Staggering Economic Cost of OT Breaches
00:09:33 - The "Cash Register" Concept: Why Attackers Target Manufacturing
00:10:29 - OT as the New Frontier for Attacks on Unpatched Systems
00:11:28 - The "Disinterested Third Party": When OEMs See Security as the Client's Problem
00:12:31 - The Foundational First Step: Gaining Asset Visibility & Continuous Monitoring
00:13:53 - The Impracticality of Patching in OT Due to Downtime and Safety Risks
00:15:25 - Academic vs. Practitioner: Why High-Level Advice Fails on the Plant Floor
00:18:25 - The Minimum Requirement: A Practiced, OT-Inclusive Incident Response Plan
00:18:58 - Why CISOs Must Build Relationships with Key OT Partners
00:22:46 - Practice, Partner, and Protect Now

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

AI, Phishing, and the Future of Industrial Cyber Defense

Tue, 26 Aug 2025 09:00:00 -0700

In this week's rewind episode, Dino Busalachi is joined by Gary Kneeland from Claroty. With over nine years of experience at Claroty, Gary discusses the evolution of OT security, the convergence of IT and OT, and the growing importance of cybersecurity in protecting critical infrastructure.

The conversation touches on how regulatory changes, ransomware threats, and AI advancements are shaping the industry.

Whether you’re dealing with outdated systems or navigating complex industrial environments, this episode provides practical insights into the challenges and opportunities ahead.

Chapters:

00:00:00 - Pandemic's Impact on Critical Infrastructure
00:01:08 - Introduction to Gary Neelan and Claroty
00:01:41 - Gary's Role in OT Cybersecurity
00:02:49 - Evolution of OT Cybersecurity: From Compliance to Strategy
00:05:23 - IT and OT Convergence: Securing Cyber-Physical Systems
00:09:46 - Addressing Complex Challenges in OT Cybersecurity
00:11:56 - OT Cybersecurity Talent Shortage and Managed Services
00:13:01 - Future of OT Cybersecurity: Adapting to New Threats
00:14:36 - Modernizing Manufacturing Systems for Enhanced Security
00:15:52 - Global Cybersecurity Trends in Critical Infrastructure
00:18:01 - Regional OT Cybersecurity Challenges and Responses
00:25:01 - The Role of AI in Defending OT Environments
00:28:19 - Final Thoughts on OT Cybersecurity's Future

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Gary Kneeland on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Partnership in Action: When Legacy Systems Meet Modern Cybersecurity Threats

Wed, 20 Aug 2025 04:00:00 -0700

In this hard-hitting episode of Industrial Cybersecurity Insider, host Dino Busalachi sits down with two battle-tested experts: Debbie Lay from TXOne Networks and Patrick Gillespie from GuidePoint Security.

Together, they pull back the curtain on the messy, complex world of operational technology (OT) cybersecurity, where million-dollar cybersecurity losses happen regularly.

This isn't your typical cybersecurity podcast filled with vendor pitches and theoretical frameworks. Instead, you'll get an unvarnished look at what really happens when industrial organizations try to secure their critical infrastructure.

From the shocking reality of cyber insurance claims being denied over half-implemented multi-factor authentication to the all-too-common sight of HMI passwords scrawled in permanent marker on the plant floor. This conversation exposes the gap between cybersecurity best practices and industrial implementation and protection reality.

What makes this episode essential listening:

Real financial impact: Learn why industrial breaches cost $5.5-6 million on average, with downtime running $125,000 per hour
Practical solutions that work: Discover how segmentation, virtual patching, and agentless endpoint tools can protect legacy systems without breaking the bank
Political warfare decoded: Understand the often-toxic dynamics between IT and OT teams that sabotage security initiatives
Implementation roadmaps: Get actionable strategies for deploying zero-trust architectures on the plant floor

Whether you're a CISO struggling to justify OT security budgets, an engineer trying to protect decades-old industrial systems, or a consultant navigating the minefield of industrial cybersecurity politics, this episode delivers the kind of street-smart insights you won't find in vendor whitepapers.

Chapters:

00:00:00 - Cyber insurance denied over incomplete MFA
00:03:21 - What clients face as they begin the OT security journey
00:06:35 - Industrial breach cost stat ($5.5–$6M; ~$125k/hour downtime)
00:07:36 - Too many IT tools forced into OT
00:08:47 - Investment hurdles and budgeting misalignment
00:11:05 - Collaboration between OT asset owners and the CISO
00:13:24 - Hamilton ransomware: 80% hit; cyber insurance denied for incomplete MFA
00:14:26 - HMI username/password written in Sharpie; segue to TXOne solutions
00:18:22 - Who embraces TXOne first—IT or OT?
00:20:58 - CISOs on OT priorities and piloting top sites
00:22:25 - The ugly: Lacking OT inventory, unclear playbooks, starting from zero
00:23:26 - The good: Safeguarding OT, anomaly alerts, avoiding risky legacy connections
00:24:34 - Healthcare imaging case: XP-based systems, high replacement costs
00:27:03 - AI useful in SOC/baselining; humans still required on OT side
00:29:15 - Combining best-of-breed solutions to avoid costly deployment gaps
00:29:47 - Why deployments stall—overwhelm and fatigue after tech selection

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Debbie Lay, TXOne Networks on LinkedIn
Patrick Gillespie, GuidePoint Security on LinkedIn
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

From Shelfware to Security: Operationalizing OT Industrial Cybersecurity Tools

Sun, 10 Aug 2025 00:00:00 -0700

Many manufacturing leaders believe they’re seeing 80–85% of their OT environment industrial assets. But in this episode, Dino and Craig reveal the reality that most have visibility into only 30–35% of their industrial control system assets, leaving the hidden 70% vulnerable.

In this hard-hitting episode, they dismantle the false sense of OT security. They explore why million-dollar cybersecurity tool investments aren't fully utilized, and expose the costly disconnect between corporate IT, plant-floor teams, and third-party vendors.

From debunking the air gap myth to stressing the need to trust but verify every connection, they show how to turn underutilized tools into proactive defenses that improve both security and operational efficiency.

If you think your ICS is fully protected, this conversation might change your mind.

Chapters:

00:00:00 - Introduction: When Inefficiency Becomes Expensive
00:00:59 - The Hidden Danger of Feeling Secure in Manufacturing
00:03:58 - Why True Visibility and Accurate Data Change Everything
00:07:18 - Real-World Roadblocks: Missteps and Mixed Messages
00:10:24 - Who Holds the Power vs. Who Bears the Blame in Cybersecurity
00:21:47 - Charting a Smarter Path to Stronger Cyber Defenses
00:25:27 - Conclusion: Actionable Moves to Level Up Your Security

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

When the Plant Can't Stop: Securing Systems That Never Sleep

Tue, 05 Aug 2025 04:00:00 -0700

In this episode of Industrial Cybersecurity Insider, Craig Duckworth sits down with Ian Bramson, VP of Global Industrial Cybersecurity at Black & Veatch, to explore what it really takes to secure complex industrial systems.

Whether you're retrofitting legacy brownfield environments or designing cybersecurity into greenfield builds, Ian unpacks the foundational questions every organization must answer:

What do you need to protect?
Where are your holes?
Can you see what's happening and respond if something goes wrong?

From AI-enabled attackers to real-time asset visibility, he shares actionable insights on risk management, OT monitoring, and why leaders must begin treating cybersecurity like safety, not just an IT function.

Whether you’re managing a water treatment plant, a power plant, or smart transportation infrastructure, this conversation delivers clarity in complexity - and guidance for what to do next.

Chapters:

00:00:00 - Uncovering Hidden Dangers in Remote Access
00:00:59 - Meet Ian Bramson: Defending the World’s Most Critical Systems
00:02:58 - Why Critical Infrastructure Is Everyone’s Business
00:03:30 - Power and Water: The Frontlines of Cyber Defense
00:09:07 - Decoding NERC CIP: What You Really Need to Know
00:10:38 - Walking the Tightrope Between Compliance and True Security
00:17:01 - Proven Cybersecurity Tactics That Actually Work
00:22:50 - AI in Cybersecurity: Game-Changer or New Threat?
00:24:47 - How Public and Private Sectors Tackle Cyber Risk Differently
00:29:31 - Ian Bramson’s Final Playbook for Today’s CISOs

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The Lawyer's View: Strategic Lessons in Cybersecurity and Incident Response

Tue, 29 Jul 2025 04:00:00 -0700

Craig Duckworth sits down with seasoned attorney and cyber crisis strategist Josh Cook, founder of Left of Boom Consulting.

Together, they explore the pivotal role of proactive preparation in cybersecurity especially for mid-market and industrial organizations navigating today’s hyper-connected, AI-augmented threat landscape.

Josh shares hard-earned insights from decades of incident response leadership, emphasizing why building your cyber playbook before the attack is critical.

From legal implications and executive missteps to the psychological attributes needed in your incident command post, this conversation is a masterclass in cyber resilience and proactive protection by design.

Chapters:

00:00:00 – Kicking Off with Chaos: Why Incident Response Matters
00:01:02 – Enter Josh Cook: Legal Strategist Turned Cyber Commander
00:01:18 – War Stories and Wisdom: Josh’s Journey to Left of Boom
00:02:38 – Planning Beats Panic: Mastering the Art of Pre-Incident Prep
00:04:17 – Assembling the A-Team: Who Belongs in Your Cyber War Room
00:09:07 – AI at the Front Lines: Friend, Foe, or Something in Between?
00:12:42 – Industrial Chaos: What’s Really Holding Cybersecurity Back
00:16:07 – Boardroom to Shop Floor: Why the C-Suite Can’t Stay Silent
00:25:18 – No Secrets Here: Transparency and the Power of Telling the Truth
00:29:08 – Parting Shots: Josh’s Battle-Tested Advice for Resilience

Links And Resources:

Josh Cook on LinkedIn
Website
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Plant-Level Cyber Risk: Who’s Actually Responsible?

Tue, 22 Jul 2025 04:00:00 -0700

In this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments.

The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk.

Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business.

Chapters:

00:00:00 - Kicking Off: Why Transparency in Cyber Matters
00:00:43 - Who’s Talking? Meet Craig & Dino
00:01:05 - The Big Question: What’s IT’s Role in Industrial Security?
00:01:35 - When Too Many Vendors = Chaos
00:02:37 - How to Actually Secure OT Environments
00:03:46 - Choosing the Right Partners (and Asking the Right Questions)
00:12:37 - Why Cyber Teams Need Plant Floor Time
00:14:24 - Getting Smarter: Use External Experts & Vendor Summits
00:18:22 - IT Meets OT: Closing the Culture Gap
00:30:03 - What Now? Practical Next Steps for CISOs

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The C-Suite's Role in Industrial Cybersecurity

Thu, 17 Jul 2025 04:00:00 -0700

In this episode, Craig Duckworth and Dino Busalachi discuss the critical role of the C-suite in fortifying manufacturing environments against cyber threats.

They discuss the unique challenges that manufacturing organizations face. Their conversation reinforces the importance of executive teams understanding and actively engaging in industrial OT cybersecurity strategies.

With compelling arguments for a more involved C-suite, Craig and Dino explore the intersection of cybersecurity and operational efficiency. They emphasize the need for leadership to understand and lead the charge to ensure security for industrial control systems.

This episode serves as a wake-up call for executives to embrace their role in protecting their companies from potential adverse events. This episode highlights the fact that cybersecurity is not just an IT issue but a foundational aspect of modern business resilience.

Chapters:

00:00:00 - Meet Dino and Craig
00:01:47 - Deciphering Cybersecurity's Extensive Influence on Manufacturing Dynamics
00:03:29 - Unpacking the Costs: The Stark Reality of Ignoring Cybersecurity
00:04:08 - The Interplay Between Cyber Insurance, Liability, and Organizational Security
00:05:07 - Charting the Course: Fundamental Actions for Cyber Resilience
00:07:35 - Implementing Cybersecurity Measures: A Tactical Overview for Manufacturing Leaders
00:10:54 - The Imperative of Continuous Monitoring in Mitigating Cyber Risks
00:14:11 - Bridging the Divide: Fostering Collaboration Between IT and OT Teams
00:17:06 - Cultivating Cyber-Aware Culture: Integrating Security into the Manufacturing DNA
00:20:01 - Forward Momentum: Strategic Insights for Executive Leadership on Cybersecurity
00:24:28 - Reflecting on the Imperatives of Cybersecurity in the Manufacturing Sector

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant Floor

Tue, 08 Jul 2025 04:00:00 -0700

In this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity.

While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.

Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.

Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.

Chapters:

00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success
00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration
00:01:49 - Unpacking the Challenges of IT/OT Convergence
00:02:28 - Why IT and OT Teams Often Struggle to Align
00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity
00:07:33 - The Role of CIOs and CISOs in Driving Change
00:08:44 - Navigating the Complexities of Diverse Plant Environments
00:10:23 - Partnering with Vendors to Enhance Security Outcomes
00:11:16 - Key Questions to Evaluate System Integrators Effectively
00:16:35 - Using Tabletop Exercises to Align IT and OT Teams
00:22:20 - Closing Thoughts: Bridging the Divide for Unified Cybersecurity

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The System Integrator’s Role in Supporting OT Security

Tue, 01 Jul 2025 04:00:00 -0700

In this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.

Key Issues Identified:

Organizations typically work with multiple specialized integrators across different facilities and systems
Some SIs lack cybersecurity expertise, focusing primarily on equipment functionality
Equipment can remain connected to networks for decades, with ownership and oversight changing hands over time
System integrators must exercise proper IT coordination to implement remote access solutions effectively

Recommendations:

IT and OT teams should collaborate more closely with system integrators on cybersecurity planning
Organizations need to evaluate their SIs' cybersecurity capabilities and partnerships
Consider standardizing on integrators with demonstrated cybersecurity practices and vendor certifications
Apply the same due diligence used for IT vendor selection to OT system integrators

Bottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.

Chapters:

00:00:00 - Real-World Ransomware Hits the Plant Floor
00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security
00:01:17 - What System Integrators Really Do (and Don’t)
00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees
00:08:34 - Why Ongoing Monitoring Is Non-Negotiable
00:13:30 - How to Pick the Right System Integrator For Your Operations
00:26:17 - Building Strong Partnerships with Your Integrators

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

When IT Cyber Events Bring Down the Plant Floor

Tue, 24 Jun 2025 04:00:00 -0700

Craig and Dino break down how cyberattacks that start in traditional IT systems can shut down entire manufacturing production lines, leading to massive financial losses.

Using real-world examples like UNFI's $500 million drop in market value in 60 hours, they explain how overlooked connections between IT and the OT plant floor are often the weakest links.

You’ll hear why simply installing firewalls isn’t enough, how organizational silos between IT and operations cause major blind spots, and what it really takes to secure industrial equipment.

Whether you're in leadership, technology, or operations, this episode will change how you think about cyber risk and business continuity in connected environments.

Chapters:

00:00:00 - Introduction: Where Responsibility Ends and Authority Doesn’t Begin
00:01:08 - Meet Your Guides: Dino & Craig On the Frontlines
00:01:14 - When Cyber Hits the Plant Floor
00:01:28 - Real-World Wake-Up: The Unify IT Incident
00:02:36 - The Gaps No One’s Watching in OT Security
00:03:18 - How Org Structure Can Make or Break Cyber Defense
00:04:03 - Plugging in OT Visibility: IDS in Action
00:04:43 - Who’s Really Calling the Shots—Corporate or the Plant?
00:07:02 - IT-OT Convergence: What Leaders Must Understand
00:13:14 - Building Cyber Defense That Actually Works
00:15:25 - Recovery Starts Before the Breach
00:17:37 - Why IT Alone Can’t Fix OT Problems
00:24:55 - Just Getting Started? Here’s What to Do First
00:28:33 - Final Word: You Can’t Secure OT Alone

Links And Resources:

Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

When CISOs Inherit the Plant Floor: What Happens Next?

Tue, 17 Jun 2025 04:00:00 -0700

What happens when the CISO inherits responsibility for the security of the plant floor?

Dino and Craig discuss a growing trend: CISOs are being expected to oversee cybersecurity for industrial plant floors. Unfortunately, they don't have the background to effectively take on this responsibility.

A perpetuating trend exists where cybersecurity leaders are expected to protect factories and industrial assets without the authority, tools, or support to do so effectively.

In this conversation, Dino and Craig explain why traditional IT security approaches don’t work in these environments, and how things like outdated equipment, disconnected systems, and outside vendors make the challenge even harder.

From weak remote access tools to the confusion around who actually manages plant security, this episode shines a light on the hidden risks most companies overlook.

Whether you're in IT, operations, or a leadership role, you’ll walk away with a better understanding of how to approach cybersecurity in complex industrial settings.

You'll also gain insights into the steps you can take to protect your people, your technology, and your bottom line.

Chapters:

00:00:00 - Kicking Off: Smart Tool Choices Start Here
00:01:02 - When CISOs Inherit the Factory Floor
00:02:17 - Making Friends with OEMs and Integrators
00:04:47 - Why OT Security Is a Whole Different Beast
00:08:50 - Cyber Budgets: Where’s the Money Really Coming From?
00:13:10 - How to Actually Roll Out Security in the Plant
00:18:35 - VPNs Aren’t Enough: Fixing Remote Access
00:24:42 - What OT Incident Response Really Looks Like
00:27:17 - Wrapping It Up: Strategy, Buy-In, and What’s Next

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Reflections from the Front Lines of Industrial Cyber Failures

Thu, 12 Jun 2025 04:00:00 -0700

In this rewind episode, cybersecurity leaders revisit some of the hardest-hitting truths about protecting critical infrastructure in an increasingly converged IT/OT world.

This conversation explores the disconnect between IT theory and OT reality, from the real-world fallout of the CrowdStrike disruption to the challenges of virtual patching, insider threats, and the cloud’s role on the plant floor.

The discussion exposes how legacy systems, poor collaboration, alert fatigue, and vendor dependency continue to sabotage industrial cybersecurity.

They discuss tactical strategies for improving, from asset inventory and patching hygiene to choosing the right partners and walking the plant floor.

Chapters:

00:00:00 - Cyber threats are moving faster than your patch cycle
00:00:47 - Crowdstrike, Virtual Patching and Industrial OT Environments with Debbie Lay, TXOne Networks
00:07:48 - The #1 Myth Putting Your Industrial OT Assets at Risk
00:15:01 - Patch Management and Software Updates: IT versus OT

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

What Every CISO Gets Wrong About OT Security

Thu, 05 Jun 2025 09:00:00 -0700

In this episode, Dino and Craig tackle one of the most misunderstood topics in industrial cybersecurity: IT/OT convergence.

But is it truly convergence or more of a collision?

Drawing from real-world experiences, they challenge the idea that OT is a “shadow IT group” and argue that operational technology deserves distinct governance, funding, and strategic influence.

From secure-by-design to system integrators' evolving role, this conversation is a call to action for CISOs, CIOs, and engineering leaders to rethink how they build cybersecurity partnerships across the plant floor.

Chapters:

00:00:00 - Opening Shot: Who’s Really in Charge—CIOs or the Plant Floor?
00:00:57 - Collision Course: IT and OT Can’t Keep Dodging Each Other
00:01:52 - Two Worlds, One Mission: Why OT Isn’t Just “IT in a Hard Hat”
00:04:07 - When Convergence Fails: What’s Missing in the Middle
00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration
00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor
00:10:46 - OT’s Tipping Point: Will the Next Move Come from IT, or the Shop Floor?
00:17:32 - Your Move: What Leaders Must Do Next (Before It’s Too Late)

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

OT Security in Hindsight: Visibility, Authority, and the Executive Disconnect

Tue, 27 May 2025 04:00:00 -0700

In this special rewind edition of Industrial Cybersecurity Insider, we revisit some of the most powerful insights shared on how to elevate OT cybersecurity across complex, distributed environments.

From budget allocation strategies to disaster recovery frameworks and the nuances of executive engagement, this episode distills frontline lessons into a compact, high-impact listen.

Whether you're navigating remote access risks, managing hybrid architectures, or striving to align plant managers with corporate cybersecurity goals, these reflections are a roadmap for driving resilience and maturity in your OT security strategy.

Chapters:

00:00:00 - Rewind Kickoff: From Blind Spots to Bold Predictions
00:00:46 - The A-Z of Industrial Cybersecurity for OT Environments with Industry Expert Bryson Bort
00:10:57 - Gartner, DOGE, and the Future of OT Cybersecurity Policy
00:21:38 - Uncovering Blind Spots in OT Cybersecurity

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Bridging the IT-OT Divide with AI-Powered Insight

Tue, 20 May 2025 04:00:00 -0700

Dino and Craig tackle one of the most misunderstood challenges in cybersecurity for industrial environments. The persistent disconnect between IT-led cybersecurity tools and operational technology realities.

They explore the concept of "shadow OT," as well as the limits of traditional IDS deployments.

They discuss why visibility is key to protecting critical systems. Vulnerability scanning alone isn't enough.

Real world case studies reveal how failing to engage OT teams derails cybersecurity strategies.

One case involved rogue servers causing daily production failures. Another featured misconfigured modules choking brewery operations. These examples show that even the most advanced strategies fail without OT team involvement.

For leaders in manufacturing, utilities, and critical infrastructure, this is a must-listen conversation. It's about redefining risk management through OT-first thinking.

Chapters:

00:00:00 - When Machines Stop, Money Bleeds: The Downtime Dilemma
00:00:47 - Shadow IT or Ingenious OT? Rethinking Rogue Tech
00:02:29 - Cybersecurity Isn’t Enough: The OT Risk You’re Missing
00:04:37 - Server Ghosts & Brewery Blunders: Fixing What IT Can’t See
00:06:41 - Visibility is Power: Using the Tools You Already Own
00:09:50 - IT vs. OT: Breaking Silos, Building Alliances
00:13:28 - Final Thoughts: Who Really Owns OT Security?

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Visibility Revisited: Trends Shaping the Future of OT Cybersecurity

Tue, 13 May 2025 04:00:00 -0700

In this special rewind episode we highlight outside influences shaping control system integrity, the impact of AI, emerging technologies, and the dynamics of building a career in OT cybersecurity.

Drawing from frontline experiences and industry events like the S4 Conference, the discussion explores the growing organizational shift toward dedicated OT cybersecurity roles.

We address the critical need for alignment between capital and operational expenditures, and the importance of selecting technologies that provide actionable visibility across diverse plant environments.

Listeners will gain strategic guidance on integrating cybersecurity into capital planning, addressing asset variability across sites, and implementing scalable, non-disruptive security frameworks.

From OT-specific IDS deployment to balancing remote access with zero-trust principles, this episode offers practical, forward-looking advice.

Whether you're a practitioner or a decision-maker, focused on securing extended IIoT environments while maintaining operational resilience, this episode covers practical and relatable challenges and solutions.

Chapters:

00:00:00 – A Strategic Rewind: Exploring the Emerging Roles, Budget Realities, and Lessons Learned in OT Cybersecurity
00:00:41 - Gartner, DOGE, and the Future of OT Cybersecurity Policy
00:12:12 - The Future Looks Bright : Building a Career in OT Cybersecurity
00:22:44 - AI, Global Trends, and More: A Glimpse into the Future of OT Cybersecurity with Claroty

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Stuxnet to Colonial Pipeline What Have We Learned & What’s on the Horizon?

Tue, 06 May 2025 04:00:00 -0700

Dino sits down with Mike Holcomb, Fellow and Director of ICS/OT Cybersecurity at Fluor, to explore the critical, and often overlooked challenges in securing operational technology.

From his early fascination with hacking culture to leading OT security for one of the world’s largest engineering firms, Mike shares personal insights and lessons learned.

The conversation covers the delayed cybersecurity maturity in OT environments and the lasting impact of the Colonial Pipeline breach.

They address the crucial role of visibility, engineering partnerships, and cultural buy-in when building secure industrial systems.

Whether you’re managing pipelines, power grids, or manufacturing floors, this episode delivers actionable insights and strategic foresight for leaders protecting our most vital infrastructure.

Chapters:

00:00:00 - Why OT Security Still Falls Behind
00:01:03 - Mike Holcomb’s Unlikely Path to Cybersecurity
00:01:23 - Hacking Curiosity and a Love for Breaking Things
00:02:16 - From Network Admin to OT Defender
00:03:08 - Stuxnet, Colonial, and the Wake-Up Calls We Ignored
00:06:18 - When OT and IT Don’t Speak the Same Language
00:12:14 - Threats Are Getting Smarter — Are We Keeping Up?
00:26:29 - Evolving the Culture of Cyber Hygiene
00:32:14 - Final Takeaways for Security Leaders

Links And Resources:

Mike Holcomb on LinkedIn
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Bridging IT/OT & Securing ICS: Kevin Kumpf, Chief OT / ICS Security Strategist, Cyolo

Tue, 29 Apr 2025 04:00:00 -0700

Dino welcomes Kevin Kumpf, Chief OT/ICS Security Strategist at Cyolo to this episode. They discuss the growing challenges and evolving strategies around cybersecurity in industrial environments.

Kevin shares a seasoned perspective on bridging the gap between IT and OT, busting myths about Zero Trust certifications, and the dangers of underutilized security tools - or "shelfware."

From real-world examples involving breweries, milk production, and energy plants, the conversation uncovers how lack of visibility, broken remote access practices, and aging systems create critical vulnerabilities.

Most importantly, Kevin offers actionable advice for CISOs, CTOs, and plant managers on building resilient cybersecurity frameworks without disrupting operations.

Don't miss this episode full of practical advice from industry experts.

Chapters:

00:00:00 - Kicking Off: Why OT Cybersecurity Can't Wait
00:01:18 - Meet Kevin Kumpf: From Bank Vaults to Industrial Battlegrounds
00:02:56 - Hard Truths About Securing Operational Technology
00:06:42 - Shelfware Syndrome: Why Tools Fail Without Strategy
00:12:09 - Plant Managers, Vendors, and the Battle for Cyber Resilience
00:23:56 - Remote Access Exposed: The Hidden Risks Inside Your Plant
00:30:58 - Closing Thoughts: Building Stronger, Smarter Industrial Defenses

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Cyber Threats, China, and the Global Wake-Up Call

Thu, 24 Apr 2025 04:00:00 -0700

Dino and Craig address the recent acknowledgment by China of their role in U.S. infrastructure hacks. They explore the urgent cybersecurity challenges facing industrial environments.

With rising geopolitical tensions, tariffs, the push to bring more manufacturing back to the U.S. and increasing attacks on critical infrastructure, the stakes have never been higher.

From end-of-life PLCs still running core operations, to the disconnect between IT and OT leadership, this conversation identifies the systemic gaps leaving industrial operations exposed.

They outline the pressing need for visibility, actionable incident response plans, and a cultural shift toward collaboration across the stack, from plant floor to the boardroom.

Whether you’re a CISO or an operations lead, this episode offers real-world insights, battle-tested perspectives, and one clear takeaway: in cybersecurity, doing nothing is no longer an option.

Chapters:

00:00:00 - Kicking Off: Why IT-OT Unity Isn’t Optional Anymore
00:01:17 - Cyber Threats, China, and the Global Wake-Up Call
00:02:16 - CISA’s New Role: From Background Player to OT Ally
00:05:32 - Still Separate, Still Vulnerable: Why IT & OT Must Sync Up
00:09:48 - Blind Spots Kill: Why Visibility Is the Real MVP
00:10:43 - Remote Access Realities and the Myth of the Air Gap
00:20:29 - Crisis Mode: Are You Ready for the Worst?
00:23:50 - Dino & Craig’s Parting Shot: Do Something - Now

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Zero Trust in OT: A Look Back at Lessons Across IT and OT

Tue, 15 Apr 2025 04:00:00 -0700

In this special rewind episode, Dino Busalachi and Jim Cook address the messy but critical reality of implementing Zero Trust in operational technology (OT) environments.

Drawing from years of hands-on experience, they break down why traditional IT frameworks often fail on the plant floor, especially when facing flat OT networks, legacy assets, and limited change windows.

They introduce a "bucket approach" to segmenting and securing OT networks from the ground up. With real-world insights into asset inventory, process integrity, remote access challenges, and cross-functional collaboration, this episode is invaluable.

Whether you're a CISO, CTO, an OT engineer, or IT expert; this episode offers solid advice on navigating the convergence of IT and OT in complex industrial systems and environments.

Chapters:

00:00:00 – Why Zero Trust Doesn’t Fit the Plant Floor (Yet)
00:00:45 - Zero Trust : IT versus OT with Dino Busalachi and Jim Cook
00:15:59 - Zero Trust in OT: Adapting IT's Playbook for Enhanced Security

Links And Resources:

Industrial Cybersecurity Insider
LinkedIn Cybersecurity Group Page
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn

Cybersecurity by Design: Building OT Security Into Your Manufacturing Plant Floor

Tue, 08 Apr 2025 04:00:00 -0700

In this episode, Dino and Craig address the practicalities of building cyber resilience directly into manufacturing environments - rather than after the fact.

Using real-world analogies and field-tested insights, they break down why treating OT security like physical safety is crucial.

They challenge the outdated mindset of retrofitting cybersecurity protection after deployment of industrial plant floor equipment.

This episode covers all the key elements of protecting your plant floor. From the importance of designing cybersecurity upfront, to implementing the SANS 5 Critical Controls, specific to cybersecurity in operational technology (OT) environments.

Whether you're planning a greenfield build or managing legacy systems, this episode equips mid-to-senior leaders with actionable strategies to align IT and OT teams, boost visibility across XIoT assets, and future-proof operational environments in high-risk industries.

Chapters:

00:00:00 - Kicking Off: Why Cybersecurity Can’t Be an Afterthought in Manufacturing
00:01:52 - Dino’s Five Must-Have OT Security Controls You Should Already Be Using
00:03:45 - When IT and OT Collide: Real Talk on Silos, Strategy, and Responsibility
00:06:08 - You Can’t Protect What You Can’t See: The Visibility Wake-Up Call
00:11:24 - Build It In, Don’t Bolt It On: Making Cybersecurity Part of the Machine
00:19:26 - Lost Docs and Retiring Experts: Managing Risk Across the Lifecycle
00:20:41 - Dino and Craig’s Final Word: Start Now, Start Smart—Security Is the New Safety

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity Insider Newsletter
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The CISO & Talent Crisis: Turnover Meets OT Cybersecurity Gaps

Tue, 01 Apr 2025 04:00:00 -0700

In this episode, Dino and Craig dive deep into the disturbing talent exodus in cybersecurity. The discussion is sparked by Gartner’s prediction that 25% of cybersecurity professionals will leave the field in the next year.

They explore the growing gap between IT and OT teams, the lack of CISO influence in executive leadership, and the friction between cybersecurity goals and operational uptime.

With real-world anecdotes and hard-hitting insights, they unpack everything from rogue assets and malware in OT environments to the challenges of implementing EDR tools in live production lines.

Whether you're a CISO, CIO, or plant manager, this episode offers a candid look at the complex dynamics of securing industrial environments — and how collaboration is the only path forward.

Chapters:

00:00:00 – Kicking Off with a Brutal Reality Check on Cybersecurity
00:01:06 – Gartner Says 25% of Cyber Pros Are Leaving — Here’s Why That Matters
00:03:15 – IT vs OT: The Culture Clash Still Killing Cyber Progress
00:09:35 – Why the Wrong Service Partner Could Be Your Biggest Risk
00:14:05 – Malware, Rogue Assets, and the Ugly Truth About Your Plant Floor
00:18:22 – Real Strategies for Fixing the IT/OT Disconnect (Without Killing Uptime)
00:24:06 – Stop Talking. Start Acting. What Cyber Leaders Need to Do Today

Links And Resources:

Industrial Cybersecurity Insider on LinkedIn
Cybersecurity Insider Newsletter
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The #1 Myth Putting Your Industrial OT Assets at Risk

Tue, 25 Mar 2025 04:00:00 -0700

In this episode, Dino and Craig tackle one of the most overlooked vulnerabilities in industrial cybersecurity: the unintentional chaos caused when IT security procedures are blindly applied to OT environments.

Using real-world examples like the CrowdStrike EDR failure, they illustrate how tools meant to protect can actually shut down production lines, cripple HMIs, and introduce massive operational risk.

They call out the air-gap myth, the need for shared authority between IT and OT, and the critical importance of context when deploying cybersecurity solutions on the plant floor.

For executives and practitioners alike, this episode is a wake-up call to rethink governance, accountability, and collaboration between traditionally siloed IT and OT teams.

Chapters:

00:00:00 – IT vs. OT: The Unspoken War
00:01:03 – Meet Your Guides: Dino & Craig
00:01:05 – IT/OT Explained… Without the Jargon
00:02:26 – How IT Crashed the Plant Floor
00:05:12 – Talk to Me Like I’m Production
00:08:53 – Security Priorities: Worlds Collide
00:13:40 – Vendors, Integrators & Invisible Risks
00:21:52 – Who Owns the Fallout?

Links And Resources:

Cybersecurity & Digital Safety Group on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Staying Ahead of an Industrial Cybersecurity Attack with Carlos Buenaño, Armis CTO

Wed, 19 Mar 2025 04:00:00 -0700

Dino Busalachi sits down with Carlos Buenaño, CTO of Armis, to explore the evolving cybersecurity challenges in industrial control systems (ICS) and operational technology (OT).

Carlos shares insights from his extensive experience in process control engineering, industrial network security, and IT-OT convergence. He sheds light on how organizations can gain visibility into their OT environments, mitigate cyber risks, and implement effective security frameworks.

From real-world ransomware incidents to strategies for network segmentation and asset monitoring, this discussion provides actionable insights for anyone involved in securing industrial infrastructure.

Whether you're a plant manager, security leader, or IT-OT strategist, this episode is packed with valuable takeaways.

Chapters:

00:00:00 - The High-Stakes World of Plant Management and Control Systems
00:01:20 - Meet the Experts: Dino and Carlos on Industrial Cybersecurity
00:01:55 - From Engineer to CTO: Carlos’ Journey in Securing ICS
00:03:15 - Designing Secure Control Networks: Lessons from Australia
00:05:17 - IT vs. OT: Why the Security Approach Must Change
00:08:14 - Breaking Down IT-OT Conflicts and Finding Common Ground
00:13:52 - Hidden Cyber Threats in Industrial Control Systems
00:23:16 - How to Stay Ahead of Cyber Attacks in OT Environments
00:24:15 - Key Takeaways and Actionable Steps for Industrial Security

Links And Resources:

Juan Carlos (Carlos) Buenaño on LinkedIn
Cybersecurity & Digital Safety Group on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Blind Spots in Industrial Cybersecurity: What False Confidence Could Cost You

Thu, 13 Mar 2025 04:00:00 -0700

Organizations in the industrial sector continue to invest in cybersecurity, but are they truly secure, or just leaning on a false sense of comfort?

In this episode, industry experts Dino Busalachi and Craig Duckworth, dive into the dangerous gap between perception and reality when it comes to OT cybersecurity.

They discuss real-world challenges, from blind spots in asset visibility to leadership misalignment and third-party risks.

With a focus on practical steps, they explore why security frameworks must go beyond IT, how to align business needs with security, and why treating cybersecurity like safety is essential.

This episode is a must-listen for anyone serious about protecting their industrial environments.

Chapters:

00:00:00 - Kicking Off: Are You Truly Secure or Just Comfortable?
00:00:47 - A Quick Timeout: NCAA Madness Before Cyber Madness
00:01:15 - OT Security Reality Check: Do You Really Know Your Risks?
00:01:45 - The Hidden Challenges Holding OT Security Back
00:03:15 - Lack of Skilled Resources: The Biggest Barrier to Security
00:05:30 - Security Frameworks: Are They Reaching the Plant Floor?
00:06:15 - The Dangerous Myth of “Isolated” OT Systems
00:07:58 - From Theory to Action: Winning Strategies for OT Security
00:12:13 - Leadership’s Role in Cybersecurity: Who’s Driving the Change?
00:19:55 - No More Blind Spots: Key Takeaways for a Secure Future

Links And Resources:

Cybersecurity LinkedIn Group
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Avoiding Compliance Risks : From Audit to Action

Tue, 04 Mar 2025 04:00:00 -0700

Industrial cybersecurity is no longer an option—it’s a necessity.

In this episode, Kimberly Anderson, Managing Director at UHY, joins Craig Duckworth to explore the growing cybersecurity challenges facing manufacturers and industrial operations.

They discuss the gaps in cybersecurity accountability, IT/OT entanglement, and why network segregation is still a major hurdle.

Kimberly shares insights on cyber insurance pitfalls, compliance best practices, and why businesses should move beyond "checking the box" to build a truly resilient cybersecurity program.

Whether you're facing vendor or OEM remote access risks, securing legacy systems, or navigating industrial cybersecurity regulations, this conversation provides actionable insights to help you stay in compliance and ahead of common cybersecurity pitfalls.

Chapters:

00:00:00 - Ransomware Isn’t Your Biggest Threat—Human Error Is
00:00:44 - Meet Kimberly Anderson: From Chemistry to Cybersecurity Leadership
00:01:17 - Why Technology Risk & Compliance Can’t Be Ignored in Industrial Cybersecurity
00:02:29 - IT/OT Security Integration: Why It’s a Struggle and How to Get It Right
00:03:56 - Network Segregation: The Critical Security Step Most Companies Overlook
00:05:42 - The IT/OT “Divorce”: Why Separating Networks is a Game-Changer
00:06:41 - Rushing to the Cloud? Avoid These Vendor Security Pitfalls
00:11:48 - Cyber Insurance Isn’t a Safety Net—Here’s What You’re Missing
00:14:43 - Beyond “Checking the Box”: How to Build a Resilient Cybersecurity Strategy
00:18:25 - Final Takeaways: Simple Steps to Strengthen Your Security Today

Links And Resources:

Kimberly Anderson on LinkedIn
UHY Advisors, Inc.
Industrial Cybersecurity LinkedIn Group
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Gartner, DOGE, and the Future of OT Cybersecurity Policy

Tue, 25 Feb 2025 04:00:00 -0700

In this episode, we dive into the latest Gartner Magic Quadrant report for OT cybersecurity and analyze key players, market trends, and strategies for selecting the right security partners.

We also discuss insights from the recent S4 conference, the growing importance of cyber-informed engineering, and how organizations can effectively align IT and OT security strategies.

We discuss CapEx versus OpEx and potential implications of the DOGE initiative around industrial cybersecurity investments.

Whether you're planning your next cybersecurity investment or tackling legacy system challenges, this episode provides practical guidance to help you navigate the OT security landscape.

Chapters:

00:00:00 -Think Globally, Secure Locally: Crafting an Effective OT Cyber Strategy
00:00:31 -Meet Dino & Craig: Cybersecurity Pros with Real-World OT Experience
00:01:03 -Cybersecurity Headlines That Matter: What’s Shaping OT Security Today
00:02:20 -Gartner’s Magic Quadrant Revealed: Who’s Leading OT Cybersecurity?
00:03:08 -Why OT Teams Hold the Key to Cybersecurity Success
00:04:24 -Your OT Ecosystem is Bigger Than You Think—Here’s Why That Matters
00:05:08 -S4 Conference Takeaways: The Future of Secure-By-Design Machines
00:11:39 -CapEx vs. OpEx: Smart Budgeting for OT Cybersecurity Investments
00:19:08 -AI, Onshoring, and the Next Big Shifts in Industrial Cybersecurity
00:20:50 -IT vs. OT? No—IT & OT: How to Bridge the Divide for Better Security
00:23:02 -Final Insights: The Must-Know Takeaways for Securing Your OT Environment

Links And Resources:

Cybersecurity Group Page on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Assessing AI’s Role in Cybersecurity

Tue, 18 Feb 2025 04:00:00 -0700

The rapid evolution of AI is reshaping industrial cybersecurity, but are organizations ready for the risks?

In this episode, three different experts explore the complexities of securing OT environments, the rising role of AI in threat detection, and the challenges of integrating IT and OT security.

From governance and compliance to workforce development and emerging cyber threats, this discussion sheds light on the shifting cybersecurity landscape.

Gain insights into the future of industrial security, the impact of AI-driven decision-making, and the importance of balancing innovation with risk management.

Chapters:

00:00:00 - Diving into AI’s evolving role in industrial cybersecurity—threats, solutions, and what’s next
00:00:43 - AI, Global Trends, and More: A Glimpse into the Future of OT Cybersecurity with Claroty
00:5:16 - AI in Industrial Cybersecurity: Friend, Foe, or Something in Between?
00:10:58 - From Legacy Systems to Ransomware: The Evolution of OT Cybersecurity

Links And Resources:

Cybersecurity Group Page on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Overlooked Risks With IIoT in Industrial Cybersecurity

Tue, 11 Feb 2025 04:00:00 -0700

Craig and Dino dive deep into the critical yet often overlooked aspects of industrial cybersecurity in relation to IIoT.

They discuss the misconception that many OT assets are isolated when, in reality, they are interconnected and vulnerable.

The conversation highlights the importance of complete asset inventory, IT-OT collaboration, and the hidden risks posed by vendor access, remote connections, and unmonitored network traffic.

With real-world insights, they explore how organizations can leverage cybersecurity tools not just for threat prevention but also for process integrity and operational efficiency.

If you’ve ever wondered how to bridge the gap between IT-driven cybersecurity and OT-focused operations, this episode is a must-listen.

Chapters:

00:00:00 - Introduction: Why OT Security Matters More Than You Think
00:01:08 - Meet Craig and Dino: Experts in Industrial Cybersecurity
00:01:16 - Breaking Down IoT vs. OT: Understanding the Differences
00:02:33 - Why Asset Inventory in Industrial Environments is a Challenge
00:03:42 - The Hidden Risks of Overlooking Connected OT Assets
00:04:32 - The IT-OT Divide: Why Collaboration is Crucial for Security
00:08:29 - Industrial IoT Blind Spots: What You’re Missing
00:09:08 - Preventing Downtime: How Cybersecurity Tools Can Help
00:12:00 - How Sensors and Data Can Predict and Prevent Failures
00:14:20 - Digital Threats to OT: Why Anomalies Matter
00:16:42 - Why OT Teams Need to Fully Understand Cybersecurity Tools
00:19:13 - Finding the Right Partner for IT-OT Cybersecurity Integration
00:20:04 - Bridging the Gap: Building Stronger IT and OT Relationships
00:21:07 - Final Thoughts: How to Take Action on OT Security Today

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

How to Secure OT Environments Without Disruptions with Dan Cartmill, TXOne Networks

Tue, 04 Feb 2025 04:00:00 -0700

The cybersecurity challenges of industrial environments are unique and complex, requiring a shift in mindset from traditional IT security strategies.

Dan Cartmill, Sr. Global Product Marketing Director for TXOne Networks, joins Dino Busalachi for this episode. They discuss the critical divide between IT and OT security, why collaboration is essential, and how organizations can take the first steps toward securing their industrial control systems (ICS).

Drawing from his experience in the Royal Australian Navy, IT security, and product marketing, Dan shares key insights on the operational risks of cybersecurity tools, the importance of ownership in security decisions, and why companies must move beyond fear-based approaches to focus on practical, incremental solutions.

If your organization struggles with securing legacy systems, aligning IT and OT teams, or justifying cybersecurity investments, this episode offers real-world strategies and actionable takeaways.

Chapters:

00:00:00 - The First Step to Securing OT: Why You Can’t Afford to Wait
00:01:00 - Meet Dino and Dan: A Conversation on Industrial Cybersecurity
00:01:51 - From the Navy to Cybersecurity: Dan’s Journey into Protecting Industrial Systems
00:05:30 - The Biggest Cybersecurity Challenges Facing Industrial Environments Today
00:09:00 - IT vs. OT: Who Owns Cybersecurity and Why It Matters
00:14:01 - Breaking Down Silos: How Collaboration Can Make or Break Your Security Strategy
00:22:35 - Cybersecurity is a Team Sport: How the Right Partners Can Make All the Difference
00:25:00 - Think Globally, Act Locally: Why OT Security Must Be Customized for Each Plant
00:29:15 - Who Owns OT Security? Why IT and OT Leaders Need a Unified Strategy
00:33:00 - The Power of Collaboration: Bringing IT, OT, and Vendors to the Same Table
00:36:10 - The Cost of Cybersecurity: Why Companies Struggle to Justify OT Security Investments
00:38:45 - Legacy Systems & Cyber Risk: Why Ignoring the Problem is Not an Option
00:40:53 - The Takeaway: Why Action Beats Perfection in OT Security

Links And Resources:

Dan Cartmill on LinkedIn
TXOne Networks
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

The A-Z of Industrial Cybersecurity for OT Environments with Industry Expert Bryson Bort

Tue, 28 Jan 2025 04:00:00 -0700

Join us as we delve into the fascinating world of operational technology (OT) cybersecurity with Bryson Bort, founder of SCYTHE, Grimm, and co-founder of ICS Village.

Discover how his experiences shaped innovative approaches to OT risk management, why visibility and architecture are foundational to security, and the importance of building trust between IT and OT teams.

From real-world case studies to actionable strategies, this episode explores the evolving landscape of industrial cybersecurity and the steps organizations must take to stay ahead.

Chapters:

00:00:00 - Welcome and introduction to today’s focus on industrial cybersecurity
00:01:10 - Bryson Bort shares his journey from military service to OT security innovation
00:02:02 - The evolution of cybersecurity: milestones and lessons for OT environments
00:03:21 - Exploring industrial control systems and the roots of car hacking
00:06:52 - Tackling real-world challenges in industrial cybersecurity
00:08:00 - Why visibility and architecture are foundational for OT security
00:09:30 - Dispelling misconceptions about air-gapped systems in OT environments
00:11:10 - Practical insights on segmentation and defensible architectures
00:13:00 - How attackers exploit vulnerabilities and why monitoring is essential
00:14:30 - Building trust between IT and OT teams for successful convergence
00:16:00 - Leveraging purple teaming to enhance collaboration and resilience
00:17:07 - Strategies for building trust and creating effective OT security solutions
00:26:54 - The future of cybersecurity and Bryson’s parting insights

Links And Resources:

Bryson Bort on LinkedIn
SCYTHE
ICS Village
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Uncovering Blind Spots in OT Cybersecurity

Tue, 21 Jan 2025 04:00:00 -0700

In this week's episode, Craig Duckworth and Dino Busalachi address common blindspots that challenge industrial cybersecurity.

They explore the hidden vulnerabilities within operational technology (OT) environments, the limitations of traditional IT approaches in industrial settings, and the critical importance of asset visibility.

With a focus on actionable strategies, they advocate for secure-by-design principles, cross-functional partnerships, and tailored solutions to address the dynamic and diverse nature of OT systems.

This discussion is essential for anyone seeking to navigate the complexities of cybersecurity in industrial environments while ensuring operational continuity.

Chapters:

00:00:00 - Introduction: The Challenges and Importance of Industrial Cybersecurity
00:01:14 - Mapping the Threat Landscape: Hidden Risks in OT Environments
00:01:35 - Understanding Traffic Patterns: North-South vs. East-West Communication
00:02:15 - IT vs. OT Roles: Defining Responsibilities in Cybersecurity
00:03:10 - Visibility Challenges: Identifying Blind Spots in Industrial Assets
00:06:00 - Asset Ownership: Who’s Responsible for Securing OT Systems?
00:09:46 - Remote Access Risks: Why VPNs Aren’t Always the Right Solution
00:18:46 - Continuous Monitoring: Moving Beyond Static Assessments
00:21:12 - Collaboration for Success: Building Effective IT-OT Partnerships
00:26:15 - Takeaways and Next Steps: Recommendations for Industrial Cybersecurity

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

AI in Industrial Cybersecurity: Friend, Foe, or Something in Between?

Tue, 14 Jan 2025 04:00:00 -0700

Join us for an in-depth exploration of industrial cybersecurity with expert and Emmy award-winning reporter Kerry Tomlinson, who focuses on cybersecurity, Kerry Tomlinson.

Discover practical strategies to combat today’s most critical threats, from navigating AI vulnerabilities to addressing ethical dilemmas around safety and profit.

Kerry underscores the essential role of human involvement and cultural alignment in fostering cyber resilience.

Learn why foundational practices—like asset inventories and prioritized action plans—are crucial, and how organizations can stay ahead in an ever-evolving threat landscape while building a culture of digital safety.

Chapters:

00:00:00 - Unmasking Cyber Risks: How Human Actions Shape Security
00:00:45 - Meet Kerry Tomlinson: Cybersecurity Storyteller and Strategist
00:02:16 - Simplifying Cyber Layers: From Personal to Industrial Defense
00:03:51 - Overcoming Industrial Cybersecurity Challenges
00:04:51 - Facing Threats Head-On: Lessons from Real-World Attacks
00:14:25 - AI in the Spotlight: Opportunities and Dangers in Cybersecurity
00:17:20 - Back to Basics: Essential Practices for Cyber Resilience
00:21:10 - Humans at the Core: Why Culture Matters in Cybersecurity
00:26:24 - Final Insights: Building a Safer Digital Future Together

Links And Resources:

Kerry Tomlinson on LinkedIn
Cybersecurity Group on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Cybersecurity Challenges and Insights with Industry Analyst Jonathon Gordon

Tue, 07 Jan 2025 04:00:00 -0700

Jonathon Gordon, Director of Industrial Cybersecurity at TakePoint Research, dives into the intricate world of OT cybersecurity.

From the disconnect between vendors and asset owners to the complexities of managing diverse remote access technologies, Jonathon shares actionable insights and real-world insights addressing the most pressing cybersecurity challenges in critical infrastructure and manufacturing sectors.

He discusses the evolving role of automation technology vendors, the growing significance of AI and machine learning, and the pressing need for diversity and knowledge-sharing in the cybersecurity workforce.

This conversation is a must-listen for anyone navigating the multifaceted world of OT security and seeking practical strategies for cybersecurity resilience.

Chapters:

00:00:00 – Why Safety is the Non-Negotiable Priority in OT Cybersecurity
00:00:42 – Introducing Jonathon Gordon: Insights from an Industry Analyst
00:01:15 – The Evolution of Industrial Cybersecurity: A Changing Landscape
00:03:00 – Bridging the Gap: Connecting Vendors and Asset Owners Effectively
00:07:49 – The Role of Automation Giants: Siemens, Honeywell, and Beyond
00:13:14 – Remote Access Risks: Addressing One of OT's Greatest Vulnerabilities
00:15:13 – Regulations and Compliance: Balancing Standards with Real-World Security
00:18:28 – AI and Innovation: Shaping the Future of OT Cybersecurity
00:24:42 – Building Resilience Through Diversity and Community Collaboration
00:28:04 – Final Reflections: Key Takeaways for Long-Term Cybersecurity Success

Links And Resources:

Jonathon Gordon on LinkedIn
TakePoint Research
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

OT Cybersecurity Insights with Lauren Blocker, Rockwell Automation

Tue, 17 Dec 2024 04:15:00 -0700

In this week's episode, Lauren Blocker of Rockwell Automation, shares insights on the evolving landscape of industrial cybersecurity.

From overcoming the challenges of legacy systems to building standards-based security frameworks, Lauren highlights strategies to elevate cybersecurity in manufacturing and beyond.

She emphasizes the importance of aligning IT and OT perspectives, addressing obsolescence risks, and fostering proactive approaches to safeguard critical infrastructure.

Tune in to learn how to bridge the gap between compliance and holistic security while navigating the complexities of the industrial cybersecurity journey.

Chapters:

00:00:00 - The Role of Cybersecurity Insurance in Industrial Cybersecurity
00:00:54 - Introducing Lauren Blocker: Insights from a Leader in OT Security
00:01:20 - Connecting Industries: Early Career and Digital Transformation Evolution
00:02:59 - Transitioning to Cybersecurity: Lessons Learned and Industry Shifts
00:05:48 - Cybersecurity in Industrial Automation: Tackling Legacy Systems and Emerging Risks
00:08:28 - Overcoming OT Cybersecurity Challenges with Proactive Strategies
00:12:02 - What It Means to Build Cyber-Ready Machines and Systems
00:14:27 - Crafting Standards-Based Security Frameworks for Long-Term Success
00:28:08 - Rockwell Automation’s Approach to Cybersecurity and Industry Leadership
00:30:07 - Final Insights: Aligning IT and OT for Holistic Security

Links And Resources:

Lauren Blocker on LinkedIn
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Keys to Bridging the Industrial Cybersecurity IT/OT Gap

Tue, 10 Dec 2024 04:00:00 -0700

In this week's episode, Dino and Craig dive into the persistent disconnect between IT and OT teams and its impact on industrial cybersecurity.

They explore why IT tools often fall short on the plant floor and provide actionable insights to achieve true IT/OT convergence.

From addressing the challenges of resource gaps to fostering collaboration between teams, this conversation sheds light on practical strategies to bridge the divide and create a unified approach to industrial cybersecurity on the plant floor and for critical infrastructure.

Chapters:

00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success
00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration
00:01:49 - Unpacking the Challenges of IT/OT Convergence
00:02:28 - Why IT and OT Teams Often Struggle to Align
00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity
00:07:33 - The Role of CIOs and CISOs in Driving Change
00:08:44 - Navigating the Complexities of Diverse Plant Environments
00:10:23 - Partnering with Vendors to Enhance Security Outcomes
00:11:16 - Key Questions to Evaluate System Integrators Effectively
00:16:35 - Using Tabletop Exercises to Align IT and OT Teams
00:22:20 - Closing Thoughts: Bridging the Divide for Unified Cybersecurity

Links And Resources:

Industrial Cybersecurity LinkedIn Group
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
Jim Cook on LinkedIn
Velta Technology

The Future Looks Bright : Building a Career in OT Cybersecurity

Tue, 19 Nov 2024 04:00:00 -0700

Explore the fast-evolving field of OT cybersecurity with Emma Duckworth, a professional whose journey from chemical engineering to securing operational technologies highlights the growing need for cross-functional collaboration in industrial environments.

Emma shares her experiences working on the plant floor, the challenges of uniting IT and OT teams, and the role of emerging technologies like intrusion detection and prevention systems in safeguarding manufacturing processes.

Gain practical insights into career paths, mentorship, and the critical importance of hands-on learning in this dynamic industry.

Chapters:

00:00:00 - A Fresh Look at OT Cybersecurity
00:01:29 - From Chemical Engineering to Cybersecurity: Emma's Path
00:02:36 - Thriving in a Rapidly Evolving Industry
00:04:35 - Tools of the Trade: Technologies Transforming OT Security
00:05:21 - Bridging the Gap: IT and OT Collaboration Challenges
00:08:25 - The Cutting Edge: Emerging Trends and Remote Access
00:10:20 - Building a Cybersecurity Career: Emma’s Advice
00:15:03 - Looking Ahead: Emma’s Vision for the Future
00:18:08 - Key Takeaways and Parting Insights

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Hackers and the Holidays: Strengthening Industrial Cybersecurity

Tue, 12 Nov 2024 04:00:00 -0700

As the holidays approach, manufacturing and critical infrastructure organizations face unique cybersecurity challenges due to reduced staffing and associated increased vulnerabilities.

This episode delves into practical strategies for senior leaders and plant managers to secure their operational technology (OT) environments without disrupting production.

By adopting continuous monitoring, fostering cross-functional IT-OT collaboration, and engaging OT-specific vendors, organizations can reinforce their cyber resilience.

Through real-life scenarios, the hosts discuss how proactive planning and structured security practices are vital to maintaining operational continuity and mitigating risks in complex industrial settings.

Chapters:

00:00:00 - Introduction to Cybersecurity Challenges During the Holiday Season
00:00:52 - Cybersecurity Missteps Putting the C-Suite at Risk
00:14:06 - Holidays & Hackers: Keeping Industrial Control Systems Safe

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

The Future Looks Bright : Insights & Advice for Next Gen Cybersecurity Leaders

Tue, 05 Nov 2024 04:00:00 -0700

OT Cybersecurity Engineer, Noah Duckworth, joins Dino Busalachi for this episode. They discuss the challenges and nuances of industrial cybersecurity, as he shares insights from his experience working in the OT (Operational Technology) cybersecurity space.

Noah talks about the complexities of integrating traditional IT cybersecurity measures within industrial networks, the specific tools and practices used, and the importance of safe, industry-specific approaches to vulnerability management.

He also provides a perspective on various industrial sectors, such as food and beverage and transportation, and how cybersecurity requirements vary across different verticals and environments.

This episode offers valuable insights into the evolving field of OT cybersecurity and practical advice for professionals interested in protecting critical infrastructure as well as entering the field of industrial cybersecurity.

Chapters:

00:00:00 - Introduction to Engineering Problem-Solving in Cybersecurity
00:00:46 - Guest Introduction: Meet OT Cybersecurity Engineer & Expert Noah Duckworth
00:00:58 - Noah’s Path into OT Cybersecurity and His Industry Experience
00:02:13 - Key Differences Between OT and IT Cybersecurity
00:03:01 - Addressing Common OT Cybersecurity Challenges and Tools
00:06:22 - Navigating Cybersecurity Across Industrial Sectors
00:08:06 - Insights for New Professionals in Industrial Cybersecurity
00:10:13 - The Evolving Landscape of OT Cybersecurity
00:15:22 - Inspiring the Next Generation of Cybersecurity Leaders
00:16:35 - Closing Thoughts: Practical Advice for Early-Career Professionals

Links And Resources:

Velta Technology
Noah Duckworth on LinkedIn
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

CISA’s Role in Supporting Asset Owners & Government Sectors with Cybersecurity

Tue, 29 Oct 2024 04:00:00 -0700

This episode we dive into the critical strategies necessary for securing operational technology (OT) environments, with OT/ICS Strategy Lead at CISA, Danielle Jablanski.

Danielle explores the evolving role of CISA in assisting asset owners and government sectors, emphasizing the importance of collaboration and understanding in cybersecurity.

From building resilience against "shiny object syndrome" to prioritizing effective incident response and vendor relationships, this conversation provides valuable insights into crafting an actionable, sustainable OT security strategy.

Danielle also shares how workforce development is crucial in creating a robust cybersecurity posture and discusses CISA’s approach to integrating AI and machine learning into OT security cautiously and strategically.

Chapters:

00:00:00 - Understanding Outsourcing and Effective Incident Management in OT
00:01:21 - Welcoming Danielle Jablanski from CISA to the Show
00:01:47 - CISA’s Expanding Role in Supporting Critical Infrastructure Security
00:03:32 - Key Challenges Facing OT Cybersecurity Today
00:06:27 - Navigating the Convergence of IT and OT Security
00:11:36 - CISA’s Approach to Risk Management and Its Global Impact
00:13:40 - Overview of CISA Services and Regional Cybersecurity Initiatives
00:16:36 - Enhancing Incident Response Capacity and Cross-Agency Coordination
00:17:30 - Fusion Centers: Interagency Collaboration for Better Threat Intelligence
00:18:55 - Guiding Organizations in Reporting and Responding to Incidents
00:21:03 - Developing Effective Incident Response Playbooks for OT Environments
00:22:08 - Opportunities and Risks of AI in OT Cybersecurity
00:24:32 - Emerging Threats: Targeted Attacks on Control Systems
00:27:00 - Final Thoughts on Workforce Development and Building Cybersecurity Resilience

Links And Resources:

Danielle Jablanski on LinkedIn
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

AI, Global Trends, and More: A Glimpse into the Future of OT Cybersecurity with Claroty

Tue, 22 Oct 2024 04:00:00 -0700

In this week's episode, Dino Busalachi is joined by Gary Kneeland from Claroty. With over nine years of experience at Claroty, Gary discusses the evolution of OT security, the convergence of IT and OT, and the growing importance of cybersecurity in protecting critical infrastructure.

The conversation touches on how regulatory changes, ransomware threats, and AI advancements are shaping the industry.

Whether you’re dealing with outdated systems or navigating complex industrial environments, this episode provides practical insights into the challenges and opportunities ahead.

Chapters:

00:00:00 - Pandemic's Impact on Critical Infrastructure
00:01:08 - Introduction to Gary Neelan and Claroty
00:01:41 - Gary's Role in OT Cybersecurity
00:02:49 - Evolution of OT Cybersecurity: From Compliance to Strategy
00:05:23 - IT and OT Convergence: Securing Cyber-Physical Systems
00:09:46 - Addressing Complex Challenges in OT Cybersecurity
00:11:56 - OT Cybersecurity Talent Shortage and Managed Services
00:13:01 - Future of OT Cybersecurity: Adapting to New Threats
00:14:36 - Modernizing Manufacturing Systems for Enhanced Security
00:15:52 - Global Cybersecurity Trends in Critical Infrastructure
00:18:01 - Regional OT Cybersecurity Challenges and Responses
00:25:01 - The Role of AI in Defending OT Environments
00:28:19 - Final Thoughts on OT Cybersecurity's Future

Links And Resources:

Gary Kneeland on LinkedIn
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Women in STEM: Bridging the Talent Gap in Industrial Cybersecurity

Tue, 15 Oct 2024 04:00:00 -0700

Craig sits down with Jessica Cook, a computer science engineering senior at Mississippi State University, to explore her journey into industrial cybersecurity.

From discovering her passion for tech in high school to gaining hands-on experience in OT cybersecurity, Jessica discusses how internships and real-world exposure have shaped her understanding of the industry.

She talks about the exciting evolution of industrial careers, highlighting how traditional manufacturing roles are becoming more technical and data-driven.

Jessica shares valuable advice on building relationships, leveraging networking opportunities, and overcoming the challenges of being a woman in a traditionally male-dominated field.

As she prepares to graduate, she reflects on her career path and the opportunities ahead in cybersecurity and OT.

Chapters:

00:00:00 - Introduction and Jessica’s Background in Cybersecurity
00:01:19 - Discovering a Passion for Tech and Breaking Into STEM
00:03:11 - Industrial Cybersecurity: Navigating a Changing Landscape
00:05:29 - Mississippi State’s Cybersecurity Program and Its Growth
00:06:58 - Real-World Experience: Internships and Co-Ops in OT Cybersecurity
00:10:06 - Key Courses and Mentors Shaping a Cybersecurity Career
00:14:30 - Leadership, Networking, and Extracurriculars in Engineering
00:19:06 - Practical Advice for Students and Early-Career Professionals
00:21:15 - Looking Ahead: Graduation and Career Prospects in OT Cybersecurity

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

How CISOs Are Bridging the Gap between OT and IT Cybersecurity

Tue, 08 Oct 2024 04:00:00 -0700

In this rewind episode, we explore the critical role CISOs play in bridging the gap between operational technology (OT) and enterprise cybersecurity.

With manufacturing and critical infrastructure facing increasing cyber threats, CISOs must navigate both the boardroom and the plant floor to secure complex environments without disrupting production.

This discussion focuses on the importance of risk assessment, real-time monitoring, and the adoption of specialized cybersecurity tools.

The episode highlights the need for cross-functional collaboration, leveraging external expertise, and shifting toward proactive, secure-by-design approaches.

It also addresses the vulnerabilities in supply chains, the limitations of relying on cybersecurity insurance, and the necessity of actionable, strategic measures to protect industrial environments.

Chapters:

00:00:00 - Kicking Off: How CISOs Are Redefining Industrial Cybersecurity from the Ground Up
00:00:54 - Cybersecurity Missteps Putting the C-Suite at Risk
00:12:31 - CISO Resignations: Is the Industrial Sector Prepared for the Fallout?
00:23:43 - Securing Critical Assets: What Every CISO Should Know

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

OT Cybersecurity Lessons from the Trenches Revisited

Tue, 01 Oct 2024 04:00:00 -0700

In this reflective episode, we revisit the real-world challenges of securing industrial environments, where the intersection of IT and OT often creates unforeseen cybersecurity vulnerabilities.

From mismanaged remote access to the critical need for continuous asset monitoring, our experts dive deep into the lessons learned from boots on the ground work in the field.

They share insights on managing OT cybersecurity risks while maintaining production uptime and operational integrity.

This episode provides invaluable takeaways for those navigating the complexities of protecting industrial networks, offering practical solutions for balancing security with operational demands.

Chapters:

00:00:00 - A rewind to the biggest OT cybersecurity lessons and surprising moments!
00:01:05 - Missteps and Common Blunders with Manufacturing, ICS and Cybersecurity
00:10:26 - Industrial Cybersecurity Lessons From the Field
00:20:19 - The State of OT Cybersecurity From the Field

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Securing Critical Assets: What Every CISO Should Know

Tue, 24 Sep 2024 04:00:00 -0700

In this episode, Craig and Dino explore the evolving responsibilities of the CISO in managing cybersecurity within operational technology (OT) environments.

They address the persistent disconnect between IT and OT teams and the unique challenges CISOs face in bridging this gap.

With a focus on collaboration, they discuss the critical role of external partnerships and the importance of understanding the industrial landscape to implement effective security measures.

The conversation highlights how CISOs can balance rigorous cybersecurity protocols with operational demands, ensuring both safety and continuous uptime in complex industrial systems.

Chapters:

00:00:00 - Prioritizing Safety and Minimizing Downtime
00:00:48 - The Evolving Role of CISOs in Operational Technology (OT)
00:02:11 - Overcoming IT and OT Collaboration Challenges
00:03:09 - The Persistent Disconnect Between IT and OT
00:04:06 - CISOs' Responsibility for OT Security
00:05:08 - Balancing Security and Operational Uptime
00:06:57 - The Role of External Resources in Cybersecurity
00:11:38 - Limited CISO Interaction with the Board
00:20:38 - The Realities of Relying on Cybersecurity Insurance
00:24:18 - Conclusion: Moving Forward with IT-OT Collaboration

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Zero Day to Virtual Patching: Cybersecurity Solutions A-Z with TXOne Networks Revisited

Tue, 17 Sep 2024 04:00:00 -0700

We revisit key insights from past conversations with Dave Purdy and Debbie Lay of TXOne Networks, who shared their expertise on the critical cybersecurity challenges facing industrial environments.

The episode delves into innovative solutions such as virtual patching and deep packet inspection, which are vital for securing legacy systems without causing operational disruption.

With a focus on mitigating zero-day vulnerabilities and ransomware threats, the discussions also emphasize the importance of bridging the IT/OT divide to create cohesive, secure environments.

This episode provides actionable strategies for professionals responsible for managing the cybersecurity of critical infrastructure in sectors like energy, manufacturing, and utilities.

Chapters

00:00:00 – Introduction to Key Cybersecurity Challenges in Industrial Environments
00:01:19 – Why Visibility is Critical for Securing Industrial Operations
00:01:36 – TXOne Networks' Native Protocols and the Power of Deep Packet Inspection
00:02:53 – Addressing Zero-Day Vulnerabilities through the Zero Day Initiative
00:04:26 – Personal Insights and Fun Facts from Industry Experts
00:05:23 – Overcoming Barriers to Industrial Cybersecurity Adoption
00:06:35 – IT-OT Collaboration: A Must for Comprehensive Cybersecurity
00:09:22 – Global Cybersecurity Trends and Adoption in Industrial Sectors
00:10:54 – Virtual Patching: A Game-Changer for Securing OT Systems
00:13:50 – Navigating IT-OT Convergence for Improved Security Outcomes
00:19:30 – TXOne's Innovative Security Solutions for Industrial Environments

Links And Resources:

Crowdstrike, Virtual Patching, and Industrial OT Environments with Debbie Lay
Unmasking Industrial Cybersecurity Threats and Solutions with Dave Purdy
Velta Technology
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Proactive vs. Reactive Cybersecurity: A Strategic Communications Perspective

Tue, 10 Sep 2024 04:00:00 -0700

In this week's episode, Craig Duckworth and LuRae Lumpkin dive into the critical need for translating high-level cybersecurity solutions and priorities into clear, succinct communication across the industrial cybersecurity industry.

They focus on bridging the communication gap between IT and OT teams, discussing how a unified approach from both leadership and operations can strengthen security efforts.

The episode highlights evolving strategies for addressing breaches, improving risk management, and safeguarding critical infrastructure.

Key takeaways include the importance of tailoring cybersecurity communication to different audiences, implementing proactive measures, and fostering a consistent, organization-wide message that integrates cybersecurity into the core culture regardless of the organization.

Chapters:

00:00:00 - Setting the Stage: Why Cybersecurity Communication Matters
00:00:54 - LuRae Lumpkin's Proven Expertise in Industrial Cybersecurity
00:01:34 - How Cybersecurity Messaging Has Evolved Across IT and OT
00:04:49 - Lessons from Major Cyber Breaches: What You Need to Know
00:06:47 - Why Being Proactive is Crucial in Cybersecurity Communication
00:08:41 - Building a Cybersecurity-Driven Culture from the Top Down
00:10:44 - Simplifying Complex Cybersecurity Issues for Maximum Impact
00:12:30 - Making Cybersecurity a Company-Wide Priority
00:14:15 - Bridging the Communication Gap Between IT and OT
00:16:00 - Creating a Unified Language Across Teams
00:18:45 - The Role of External Vendors in Cybersecurity Communication
00:20:27 - Practical Advice to Strengthen Your Organization's Cybersecurity
00:24:39 - Final Insights on Fostering a Cyber-Aware Organization

Links And Resources:

LuRae Lumpkin on LinkedIn
Velta Technology
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

From Legacy Systems to Ransomware: The Evolution of OT Cybersecurity

Tue, 03 Sep 2024 04:00:00 -0700

In this episode, Craig Duckworth is joined by Roger Hill, founder of Hillstrong Group Security.

Roger is a seasoned 30-year industry veteran in the field of industrial automation and cybersecurity. He joins Craig to discuss the critical challenges and emerging trends in industrial cybersecurity.

From the evolution of security practices in industrial environments to the complexities of integrating modern solutions with legacy systems, Roger offers invaluable insights.

He delves into the importance of breaking down silos between IT and OT teams, the rise of ransomware as a major threat, and the need for collaborative approaches to secure critical infrastructure.

Whether you're grappling with aging systems or looking to future-proof your OT security, this conversation is packed with practical advice and forward-thinking strategies.

Chapters:

00:00:00 - Introduction to OT Cybersecurity
00:00:46 - Meet Roger Hill: A Veteran in Industrial Automation and Cybersecurity
00:00:57 - How OT Security Has Evolved Over 30 Years
00:01:52 - The Impact of Stuxnet: A Turning Point in OT Cybersecurity
00:03:41 - Navigating Emerging Technologies and the Rising Ransomware Threat
00:05:32 - Overcoming Challenges in Adopting New Technologies
00:07:13 - Why Context and Visibility Are Key to Effective OT Security
00:09:10 - Budgeting and Governance: The Backbone of OT Security
00:11:13 - Breaking Down Silos: The Critical Role of IT and OT Collaboration
00:13:00 - Challenges in Global OT Security: Governance and Compliance
00:14:50 - The Aging Workforce Problem: Building and Retaining Talent
00:17:00 - Importance of Cross-Functional Teams in OT Security
00:23:24 - What’s Next? The Future of OT Cybersecurity
00:28:29 - Final Thoughts: Practical Advice and Forward-Looking Strategies

Links And Resources:

Roger Hill on LinkedIn
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

How CISA Supports Cybersecurity from Critical Infrastructure to Elections

Tue, 27 Aug 2024 04:00:00 -0700

Chris Cockburn, Cybersecurity Advisor at CISA, shares his insights on how CISA supports industrial cybersecurity from critical infrastructure to elections.

We explore the impact of state-sponsored cyber threats, the importance of securing emerging technologies like AI through the "Secure by Design" initiative, and the role of government-private sector partnerships in building a resilient cybersecurity posture.

He shares the free resources available to support industrial cybersecurity including Fusion Centers. Whether it's defending against sophisticated cyber attacks or ensuring the integrity of our election systems, this episode provides essential guidance for securing the future of critical infrastructure.

Chapters:

00:00:00 - Introduction to AI security concerns in critical infrastructure
00:00:59 - Meet Chris Cockburn, cybersecurity expert from CISA
00:01:10 - Chris Cockburn’s journey from DoD to CISA
00:02:21 - Overview of global industrial cybersecurity challenges
00:03:35 - How CISA collaborates to strengthen cybersecurity
00:04:52 - Regional cybersecurity support for critical sectors
00:05:49 - Tackling resource challenges in cybersecurity
00:08:03 - Continuous efforts to secure election systems
00:09:26 - Navigating the complexities of IT/OT convergence
00:12:36 - Making the most of cybersecurity insurance
00:15:08 - Ensuring AI is secure by design
00:19:06 - CISA’s partnership with Idaho National Lab for cybersecurity training
00:20:48 - Key strategies for building cyber resilience
00:22:09 - Fusion Centers: Enhancing collaboration in cybersecurity
00:23:53 - Final thoughts on the future of cybersecurity

Links And Resources:

Chris Cockburn on LinkedIn
CISA Cybersecurity Resources and Tools
Dino Busalachi on LinkedIn

Vendor and Version Lock Threats to Industrial Cybersecurity

Tue, 20 Aug 2024 04:00:00 -0700

In this episode, Dino and Craig dive into the complexities of cybersecurity in the operational technology (OT) space, focusing on the challenges posed by vendor lock, version lock, and outdated systems.

They explore the disconnect between IT and OT teams, emphasizing the need for collaboration to secure industrial environments effectively.

The discussion highlights practical strategies like virtual patching and microsegmentation to mitigate risks, stressing the importance of working with the right partners to protect legacy systems while maintaining production efficiency.

Chapters:

00:00:00 - Introduction to Equipment Life Cycle
00:00:56 - Key Challenges in Operational Technology (OT)
00:01:24 - The OEM Blockade: A Barrier to Progress
00:02:09 - Unpatched Vulnerabilities in Newly Installed Equipment
00:04:22 - Bridging the Gap: IT and OT Collaboration Issues
00:05:40 - Practical Solutions: Compensating Controls
00:06:48 - The Realities of IT and OT Convergence
00:09:00 - Shared Infrastructure Risks
00:12:00 - The Gap in Due Diligence on the Plant Floor
00:14:00 - The Need for Better OT Cybersecurity Practices
00:16:00 - Finger-Pointing in OT Environments
00:19:21 - Why Process Integrity Matters in OT
00:24:02 - Final Thoughts: Moving Forward in OT Security

Links And Resources:

Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

The Human Factor : Securing Your Industrial Assets

Tue, 06 Aug 2024 04:00:00 -0700

In this episode, Dino Busalachi and Craig Duckworth dive into the complexities of human factors and industrial cybersecurity. They discuss the need for robust cybersecurity awareness at all levels, and the challenges of integrating IT and OT environments.

The conversation highlights real-world scenarios, from phishing attacks to internal threats, and emphasizes the importance of building a strong cybersecurity culture.

Dino and Craig also explore strategies for improving visibility, managing remote access, and ensuring compliance with industry regulations, offering actionable insights for industrial professionals.

Chapters:

00:00:00 - Kicking Off: Why Industrial Cybersecurity Matters
00:01:17 - The Human Element: Cybersecurity's Biggest Challenge
00:02:14 - Plant Floor Realities: Tackling Cyber Threats on the Ground
00:03:20 - Boosting Awareness: Training for a Secure Future
00:05:41 - Breaking Barriers: Overcoming OEM and IT Hurdles
00:08:10 - Culture Shift: Building a Cybersecurity-First Organization
00:09:32 - Top-Level Insight: Managing Executive Challenges and Costs
00:16:10 - Outsourcing Excellence: Best Practices for OT Cybersecurity
00:25:26 - Zero Trust Unpacked: Enhancing Cyber Hygiene
00:26:49 - Wrapping Up: Key Takeaways and Final Thoughts

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Crowdstrike, Virtual Patching and Industrial OT Environments with Debbie Lay, TXOne Networks

Tue, 30 Jul 2024 04:00:00 -0700

Dino Busalachi sits down with Debbie Lay, Senior Solutions Architect from TXOne Networks, in this week's episode, to discuss challenges and innovative solutions in OT cybersecurity.

They cover the ongoing issues of outdated systems, the complexities of IT and OT convergence, and the benefits of virtual patching as a method for securing OT environments and legacy equipment. They also address the impact of the Crowdstrike event on Industrial OT environments.

Debbie shares her extensive experience and insights into how industries can safeguard their operations from ransomware and other threats without disrupting production.

This episode provides perspectives on managing cybersecurity in industrial environments, and the importance of collaboration between IT and OT teams.

Tune in to understand how virtual patching can be an effective approach to protect critical assets on the plant floor!

Chapters:

00:00:00 - Introduction to OT Cybersecurity
00:01:02 - Debbie Lay's Journey into OT Cybersecurity
00:02:13 - Challenges of Implementing IT Solutions in OT
00:04:17 - Virtual Patching in OT Environments: Securing Legacy Equipment
00:07:17 - IT and OT Convergence: Complexities and Solutions
00:08:21 - Bridging the IT-OT Gap: Importance of Collaboration
00:12:57 - TXOne Technologies for Enhancing OT Security
00:14:40 - The Impact of Cloud-Based Solutions on OT Operations
00:18:46 - Collaboration: A Critical Component in OT Security
00:20:12 - Industry Trends and Key Challenges in OT Cybersecurity
00:23:49 - Conclusion and Insights on Future Discussions

Links And Resources:

Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Patch Management and Software Updates: IT versus OT

Tue, 23 Jul 2024 04:00:00 -0700

Craig and Dino dig into the differences and nuances of patch management and software updates comparing IT versus Operational Technology (OT) environments.

They explore the distinct challenges that OT systems face with software updates, and risks associated with patch management, including potential operational disruptions and risks of downtime.

They discuss the importance of IT understanding the OT risks and challenges of updating software and implementing patches to ICS and OT equipment.

The conversation highlights innovative solutions like virtual patching, the role of OEMs, and the critical need for a strategic, collaborative approach to cybersecurity in industrial settings.

Chapters:

00:00:00 - Introduction to Patching Challenges
00:01:08 - IT vs OT Patching: Key Differences
00:02:55 - Understanding the Cost of Downtime in OT
00:03:32 - Overcoming Challenges with Legacy Systems
00:05:21 - Navigating OEMs and Safety Concerns
00:06:45 - The Role of Safety in OT Patching
00:08:52 - Exploring Virtual Patching Solutions
00:13:11 - Enhancing Vendor Collaboration and Risk Management
00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity
00:18:33 - Addressing Insurance and Compliance Issues
00:20:12 - Significant Consequences of Not Patching
00:23:14 - Building an Effective Collaborative Cybersecurity Strategy
00:24:03 - Conclusion and Actionable Insights

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Future Trends in Industrial Cybersecurity with Sandeep Lota of Nozomi Networks

Tue, 16 Jul 2024 04:00:00 -0700

In this episode, cybersecurity expert Sandeep Lota, Nozomi Networks Field CTO, joins Dino Busalachi to discuss the challenges and innovations in OT cybersecurity.

Key topics they explore include dealing with the evolution of OT security tools, the challenges with IT-OT convergence, and the increasing importance of continuous monitoring.

Sandeep also talks about the role of OEM partnerships and the rising trend of managed services. Tune in to stay ahead of the curve!

Chapters

00:01:00 - Meet Sandeep Lota of Nozomi Networks
00:02:00 - Cybersecurity Journey and Milestones
00:03:00 - IT vs OT: The Convergence Challenge
00:05:00 - OEM Partnerships in Security
00:07:00 - Future Trends in OT Security
00:10:00 - Why Continuous Monitoring Matters
00:11:00 - The Boom in Managed Services
00:18:00 - Nozomi Networks' Global Impact
00:19:00 - Key Takeaways and Final Thoughts

Links And Resources:

Sandeep Lota on LinkedIn
Nozomi Networks
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Top Takeaways: Why IT and OT Must Unite Now

Tue, 02 Jul 2024 04:00:00 -0700

This episode focuses on the critical intersection of IT and OT in industrial cybersecurity.

Featuring discussions on strategic partnerships and validated designs, the episode addresses the challenges of data protection, digital safety, and asset inventory.

The conversation goes into how companies can better secure their operations by integrating IT and OT, leveraging new technologies, and improving operational efficiency.

The speakers also share insights on the evolving landscape of cybersecurity and the importance of collaboration between different departments within organizations to mitigate risks and ensure safety.

Chapters:

00:00:00 - Welcome to Industrial Cybersecurity Insiders!
00:01:20 - Cybersecurity and Data Protection in Modern Manufacturing with Jim Fledderjohn, Dell Technologies
00:07:12 - The Future of Cybersecurity Insurance with Observatory Holding’s CEO, Gerry Kennedy
00:13:59 - Unmasking Industrial Cybersecurity Threats and Solutions with Dave Purdy of TXOne Networks
00:23:21 - Cybersecurity A-Z in Manufacturing and Industrial Sectors with Armis CTO, Mick Coady

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

SEC Cybersecurity Rulings: Are Public Companies Really Ready?

Tue, 25 Jun 2024 04:00:00 -0700

Craig Duckworth and Dino Busalachi discuss the pressing issue of cybersecurity compliance for publicly traded companies under new SEC regulations.

They discuss the reasons behind the low number of reported breaches, including national security exemptions and potential corporate negligence.

Craig and Dino address the challenges companies face in safeguarding their operations, from inadequate incident response plans to the ins and outs of securing industrial control systems.

Tune in to understand why transparency and proactive measures are essential for protecting both companies and their investors.

Chapters:

00:00:00 - Introduction: The True Cost of Cybersecurity Neglect
00:01:00 - Craig and Dino Unpack the SEC Rulings for Public Companies
00:02:29 - National Security Exemptions: A Double-Edged Sword
00:03:42 - The Complexities of Supply Chain Cybersecurity
00:05:32 - The CISO's Dilemma: Balancing Security and Operations
00:08:32 - Financial Fallout from Cybersecurity Failures
00:10:03 - Incompetence or Intentional? Unveiling Cybersecurity Failures
00:17:10 - The Role of Insurance in Cybersecurity Breach Mitigation
00:18:00 - Call to Action: Practical Steps to Improve Cybersecurity
00:21:47 - Conclusion and Final Thoughts: Taking Responsibility

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

CISO Resignations: Is the Industrial Sector Prepared for the Fallout?

Tue, 18 Jun 2024 04:00:00 -0700

Dino Busalachi and Craig Duckworth, CTO and CEO of Velta Technology, respectively, tackle the inherent risks of CISO resignations.

They discuss the immense stress and challenges that put these crucial roles at risk.

They talk about the unique struggles CISOs face in managing industrial cybersecurity, where outdated systems and a lack of authority compound their difficulties.

Dino and Craig also address the critical disconnect between IT and OT environments, the importance of on-the-ground involvement, and the need for a collaborative approach to secure industrial operations.

Tune in to understand why the role of a CISO has become untenable for many and what can be done to address this growing issue.

Chapters:

00:00:00 - Introduction to the Unpatchable Environment: Why It's a Problem
00:01:39 - The Great Resignation of CISOs: Unveiling the Reasons
00:02:05 - Manufacturing's Unique Cybersecurity Struggles
00:03:08 - Stress and Responsibility: The CISO's Daily Battle
00:04:13 - Modern Cybersecurity: Why It's So Complex
00:05:00 - IT vs. Plant Management: Bridging the Gap
00:07:06 - Senior Leadership's Role in Cybersecurity: Are They Doing Enough?
00:08:39 - IT and OT Collaboration: The Key to Security
00:10:12 - Third-Party OT Suppliers: A Hidden Risk
00:12:00 - The Wild West of Cyber-Physical Connections
00:14:23 - Regulations and Realities: Why Compliance Falls Short
00:16:40 - The Reality of Cybersecurity Threats: What You Need to Know
00:20:00 - Flat Networks: The Hidden Danger
00:23:38 - Conclusion: A Call to Action for CISOs

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Exposing the Gaps: Railway Systems and Cyber Threats with Miki Shifman, Co-Founder and CTO of Cylus

Tue, 11 Jun 2024 04:00:00 -0700

Miki Shifman, co-founder and CTO of Cylus, shares his perspective on the unique cybersecurity challenges in the railway industry.

They discuss the need for specialized security measures to protect the complex and vulnerable rail systems.

Miki shares insights on how Cylus has developed solutions tailored to this sector, addressing both current gaps and future threats.

They discuss the importance of automation in security processes and the evolving landscape of rail safety.

Chapters:

00:00:00 - Welcome to Industrial Cybersecurity Insider
00:01:03 - Introducing Dino Boussalaki and Mickey Schiffman
00:01:56 - Tackling the Unique Cybersecurity Challenges in Railways
00:02:52 - Why Generic OT Security Doesn't Cut It for Rail Systems
00:05:37 - Ensuring Safety and Process Integrity in Rail Operations
00:07:45 - Overcoming the Reluctance to Change in Rail Cybersecurity
00:10:22 - Navigating Government Regulations and Security Controls
00:11:56 - How OEMs are Adapting to New Cybersecurity Demands
00:13:45 - Implementing Security Without Disrupting Operations
00:17:30 - The Evolution of OEM Security Practices in Rail Systems
00:20:00 - Cybersecurity Insurance: What Rail Operators Need to Know
00:21:53 - Closing Insights and Essential Takeaways

Links And Resources:

Miki on LinkedIn
Cylus
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

The Air Gap Myth: How Misinformation Is Endangering Your Plant Floor

Tue, 04 Jun 2024 04:00:00 -0700

In this week's episode, Dino and Jim, CTO and COO for Velta Technology, discuss the misconceptions surrounding the security of operational technology in industrial settings.

They debunk the common belief around air-gapped systems, explaining how these are usually not as isolated as many think.

Dino and Jim talk about real-world examples of oversight and communication gaps that compromise plant operational security, stressing the need for better collaboration between IT and operational staff to safeguard critical infrastructure.

They also address the struggles of implementing cybersecurity measures on the plant floor, which are absolutely necessary to prevent costly downtime and protect against external threats.

Chapters:

00:00:00 - Kickoff: Unpacking Industrial Cybersecurity
00:00:51 - Introducing Your Guides: Dino and Jim
00:01:13 - Myth Busting: The Truth About OT Air Gaps
00:02:08 - Tales from the Plant Floor: Examples of Miscommunication
00:04:47 - Connectivity Challenges: The Realities of Remote Support
00:06:25 - The High Cost of Downtime: Strategies for Effective Remote Access
00:07:38 - Securing the Plant: Cybersecurity’s Critical Role in Operations
00:11:59 - Initiating the Hunt: Identifying and Closing Security Gaps
00:14:07 - Navigating Complex Plant Networks: Mergers, Acquisitions, and Legacy Systems
00:16:33 - Cybersecurity Ownership: Who's in Charge Here?
00:18:58 - Building Cybersecurity Practices in OT Supplier Networks
00:20:45 - Supply Chain Security: Bridging the Gap Between IT and OT
00:22:21 - On-the-Ground Insights: Practical Steps for Securing Industrial Environments
00:24:02 - The Crucial Role of Continuous Monitoring in Cybersecurity
00:26:09 - Closing Insights: Key Takeaways and Future Directions

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Why Preventative Cybersecurity is the Future with Ed Turkaly, Schneider Electric’s Cybersecurity Management Director

Tue, 28 May 2024 04:00:00 -0700

Ed Turkaly, Cybersecurity Offer Management Director at Schneider Electric, discusses the convergence of IT and OT in industrial cybersecurity.

Ed talks about the challenges and strategies for securing critical infrastructures, focusing on the importance of proactive measures over mere detection.

He shares insights into Schneider Electric's innovative approaches to integrating cybersecurity solutions into their offerings, discussing the necessity of collaboration between IT and OT.

Ed also talks about addressing the complexities of industrial cybersecurity, making this episode a must-listen for anyone interested in the future of digital security.

Chapters:

00:00:00 - Introduction to Industrial Cybersecurity
00:01:13 - Ed Turkaly's Cybersecurity Journey
00:02:14 - Building Trust and Understanding Cybersecurity Needs
00:04:59 - Bridging the Gap: IT and OT Convergence in Cybersecurity
00:06:50 - Addressing OT Cybersecurity Challenges and Misconceptions
00:09:38 - The Role of Cybersecurity Insurance in Modern Business
00:10:38 - Schneider Electric’s Cybersecurity Strategies
00:14:10 - Partnering and Certification in Cybersecurity Solutions
00:16:17 - Client Engagement and Effective Cybersecurity Strategy
00:19:00 - Moving from Visibility to Prevention
00:22:00 - Importance of OEM Partnerships in Cybersecurity
00:24:38 - Future Trends in Preventative Cybersecurity Measures

Links And Resources:

Ed on LinkedIn
Schneider Electric
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

The Truth About IT / OT Convergence with Andrew McPhee - Cisco

Tue, 21 May 2024 04:00:00 -0700

Cisco lead OT Security Solution Architect Andrew McPhee, sheds light on the often overlooked and misunderstood world of OT cybersecurity. He explains the complexities of combining IT and OT environments, emphasizing the hidden risks many industrial networks face.

Through real-world examples, Andrew reveals the dangers posed by outdated protocols and the importance of proper network segmentation and visibility in preventing costly shutdowns. With a mix of expert insights and practical advice, this episode is a wake-up call for those involved in maintaining and securing industrial control systems.

Don’t miss Andrew's eye-opening take on why your network might not be as secure as you think—and what you can do about it.

Chapters:

00:00:00 - Intro: Why IT Is Crucial for OT Network Success and Meet Andrew McPhee
00:01:39 - Inside the Job: What a Solution Architect Does
00:02:26 - Overcoming IT and OT Integration Hurdles
00:04:42 - Closing the IT and OT Skills Gap
00:06:00 - Real-World Examples of Skill Challenges
00:07:25 - Why Networking Knowledge is Essential in OT
00:08:40 - IT and OT: Different Worlds, Common Goals
00:09:30 - Training IT for OT: The Benefits and Hurdles
00:10:08 - Cisco's Journey in Industrial Networking
00:14:05 - New Cybersecurity Regulations: What They Mean for You
00:16:32 - Unpacking Cisco Cyber Vision: A Game Changer for OT Security
00:16:32 - Unpacking Cisco Cyber Vision: A Game Changer for OT Security
00:18:00 - How Cyber Vision Identifies Vulnerabilities
00:19:15 - Success Stories: Cyber Vision in Action
00:20:45 - The Importance of Visibility in OT Networks
00:22:10 - Balancing Passive and Active Network Monitoring
00:23:35 - Enhancing Security with Native Protocols
00:25:00 - The Role of Cyber Vision in Regulatory Compliance
00:26:20 - Preparing for Future Cybersecurity Threats
00:27:39 - AI's Potential in Strengthening OT Cybersecurity

Links And Resources:

Andrew on LinkedIn
Cisco
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Hidden Dangers in Your Devices: Exposing xIoT's Dark Side with John Vecchi, Phosphorous CMO

Tue, 14 May 2024 04:00:00 -0700

John Vecchi, CMO of Phosphorus Cybersecurity, gives us a look into the rapidly evolving landscape of xIoT security, revealing the hidden vulnerabilities within our everyday devices.

From casinos to hospitals, John breaks down the immense challenges and critical risks facing industries reliant on interconnected technology.

With a mix of personal experiences and expert insights, he offers a roadmap for strengthening defenses against increasingly sophisticated cyber threats.

Tune in to uncover how the unseen intricacies of IoT can impact security and what steps can be taken to safeguard our digital and physical worlds against the invisible dangers lurking within our connected devices.

Chapters:

00:00:00 - Kicking Off: The Critical Need for Cybersecurity Visibility
00:01:07 - Meet John Vecchi: Champion of Cybersecurity at Phosphorus
00:02:01 - Unveiling IoT: Its Role Across Industries from Gaming to Healthcare
00:03:15 - Case Study: Gaming Industry and IoT Vulnerabilities
00:04:30 - Discussion on Cyber Attacks in Recent Times
00:05:45 - The Expanding Threat Landscape in IoT
00:07:00 - John Vecchi's Insights on Preventative Security Measures
00:08:26 - Spotlight on Security: Tackling IoT's Hidden Vulnerabilities
00:11:24 - Blueprints for Defense: Effective Strategies to Secure IoT
00:13:50 - The Role of Default Credentials in IoT Security
00:15:35 - Firmware Updates: A Necessary Step in IoT Protection
00:17:10 - Addressing the Challenges of Patch Management
00:19:05 - Real-World Examples of Effective IoT Security Enhancements
00:22:30 - Seeing the Unseen: Why Knowing Your Digital Terrain is Vital
00:24:50 - Importance of Visibility in Cybersecurity
00:26:40 - John Vecchi on Cybersecurity Best Practices
00:28:15 - Future Trends in IoT and Cybersecurity
00:30:00 - Concluding Thoughts: Securing IoT for Tomorrow
00:32:02 - Wrapping Up: Key Takeaways and Looking Ahead in IoT Security

Links And Resources:

John Vecchi on LinkedIn
Phosphorus
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Building the Case for Cybersecurity Funding

Tue, 07 May 2024 04:00:00 -0700

Craig Duckworth and Jim Cook discuss the critical yet often overlooked topic of budgeting for operational technology (OT) cybersecurity.

Throughout their discussion, they address the challenges and necessities of securing funding from executive teams, framing the conversation around liability, risk management, and the dire need for strategic investment to safeguard critical infrastructure.

They highlight the nuanced divide between IT and OT responsibilities and emphasize the vital role of clear communication in making cybersecurity a top priority for corporate budgeting.

By exploring real-world scenarios and the potential consequences of neglecting cybersecurity in OT, this episode serves as a compelling call to action for organizations to reassess their approach to cybersecurity funding and strategy, ensuring they are adequately prepared to handle emerging threats in an increasingly connected world.

Chapters:

00:00:00 - Welcome to Velta Technology: Introductions and Today's Focus
00:01:31 - Navigating the Budget Cycle for OT Cybersecurity
00:02:11 - Bridging the IT-OT Divide: Whose Responsibility Is Cybersecurity?
00:04:51 - Building the Business Case for OT Cybersecurity Funding
00:09:49 - Understanding the Real-World Impacts of Cybersecurity Failures
00:11:43 - Strategies for Addressing OT Cybersecurity: From Awareness to Action
00:16:03 - Leveraging Technology and Building Capability for Cybersecurity
00:20:58 - Making the Case to Executives: Risk Management and Cybersecurity Insurance
00:22:41 - Exploring Options and Taking Action Against Cybersecurity Threats
00:28:12 - Navigating Cyber Insurance: Adjusting to New Realities in Risk Coverage
00:33:37 - Concluding Thoughts: The Importance of Starting Cybersecurity Initiatives

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Zero Trust : IT versus OT with Dino Busalachi and Jim Cook

Tue, 30 Apr 2024 04:00:00 -0700

Enjoy this episode as Dino Busalachi, CTO and Co-Founder of Velta Technology, and Jim Cook, COO of Velta Technology, have a discussion about the complexities and challenges of using Zero Trust security frameworks within operational technology (OT) environments.

They explore the nuanced differences between IT and OT landscapes, pointing out the different challenges that arise when applying IT-centric security strategies to the distinct and varied needs of industrial settings.

From the more straightforward IT Zero Trust framework to the complexities of trying to apply that approach and managing system vulnerabilities on the OT side, the conversation offers a rich combination of technical insight and real-world applications.

If you’re involved in the intersecting worlds of IT and industrial operations, this episode is sure to provide valuable lessons on securing technological infrastructures against modern threats while considering the operational realities of the plant floor.

Chapters:

00:00:00 - Kickoff: The High Stakes of Zero Trust in OT
00:03:09 - Tracing the Roots: How Zero Trust Evolves with Network Security
00:04:17 - The Rise of AI and Its Influence on Security
00:06:50 - Operational Challenges with Applying New IT Frameworks
00:08:12 - Zero Trust's Fit with Industrial Protocols
00:10:28 - The OT Challenge: Applying the Bucket Strategy for Zero Trust
00:12:03 - Addressing Network Segmentation in OT
00:14:00 - Challenges with VPNs and Remote Access in Zero Trust
00:16:45 - Potential Misalignments in Applying IT Security to OT
00:17:46 - Identity Crisis: Managing Access Within Zero Trust Frameworks
00:19:12 - Implications of Shared Passwords and User Access
00:23:04 - Strategic Collaboration Between IT and OT for Enhanced Security
00:26:32 - Wrap-Up: Collaborative Paths to Effective Zero Trust in OT

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Overcoming Obstacles in Diverse Technological Landscapes with CEO and Co-Founder of Garland Technology, Chris Bihary

Tue, 23 Apr 2024 04:00:00 -0700

Join your host, CEO and President of Velta Technology, Craig Duckworth and special guest Chris Bihary, CEO and co-founder of Garland Technology, as they discuss the complexities of operational technology (OT) security within critical infrastructures.

Chris shares his fascinating journey from spontaneous problem-solving to developing essential security hardware like network taps and data diodes that are now crucial in major industries.

Discover how Garland Technology collaborates with Velta Technology to tackle common and emerging challenges in network security through innovative solutions.

Whether you're a tech enthusiast or a professional navigating the intricate world of IT and OT security, this episode offers valuable insights into the foundational strategies that protect your digital landscape from unseen threats.

Tune in to explore how these tech pioneers are enhancing network security, making the invisible, visible and secure.

Chapters:

00:00:00 - Expert Dialogues: Chris Bihary and Craig Duckworth Unpack OT Security
00:00:59 - Genesis of Garland: Chris's Journey from Idea to Industry
00:01:45 - Practical Tech: Crafting Solutions for Real-world OT Problems
00:03:41 - The Visibility Factor: Why Seeing is Securing in Network Safety
00:05:35 - Sensor Strategy: Optimizing Deployment in Complex Networks
00:07:22 - Foundations of Security: Building Reliable OT Networks
00:09:58 - Enhancing Visibility: The Key to Proactive Security Management
00:13:11 - Overcoming Obstacles: Adapting to Diverse Technological Landscapes
00:17:56 - Regulatory Impact: How New Standards Shape Security Measures
00:21:07 - Starting Points: Tactical Advice for Embarking on Security Improvements
00:24:34 - Leveraging Industry Insights: How to Utilize Market Intelligence for Security Advancements
00:28:16 - Wrapping Up: Key Takeaways and Forward-Looking Strategies

Links And Resources:

Chris Bihary on LinkedIn
Garland Technology
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Empowering IT and OT Teams to Improve Industrial Cybersecurity

Tue, 16 Apr 2024 04:00:00 -0700

Join Velta Technology’s CTO, Dino Busalachi and COO, Jim Cook, as they delve into the intricate world of IT and OT integration. Explore the challenges and transformative strategies involved in merging these critical technologies within industrial environments.

Dino and Jim share their expert knowledge and decades of experience, discussing the potential for synergy between operational and information technology to enhance cybersecurity, reduce downtime, and drive company revenue. They liken the integration process to navigating a complex maze where every turn could lead to innovative solutions or unforeseen challenges.

This episode is a must-listen if you’re looking to understand the future of technology in manufacturing and beyond, promising valuable lessons on collaboration and technological convergence.

Chapters:

00:00:00 - Meet the Minds: Dino & Jim’s Take on Bridging Tech Gaps
00:01:20 - Deep Dive: Contrasting IT & OT Roles and Responsibilities
00:03:00 - Snapshot: Current Landscape of OT Cybersecurity
00:06:45 - Bridging the Communication Gap: Techniques and Tools
00:09:18 - Collaboration Overviews: Building a Unified Tech Framework
00:10:34 - Synergy Benefits: How Merging IT and OT Strengthens Security
00:12:47 - Real-time Responses: IT-OT Coordination in Action
00:16:04 - From Theory to Action: Success Stories in IT-OT Integration
00:17:05 - Case Study Deep Dive: Effective IT-OT Integration Practices
00:19:21 - Lessons Learned: Overcoming Obstacles in IT-OT Convergence
00:21:33 - Harnessing Tech for Operational Efficiency
00:23:58 - Future-Proofing Industries through IT-OT Synergy
00:26:09 - Closing Loop: Sustaining Collaboration between IT and OT Teams
00:28:01 - Final Reflections: Next Steps for IT and OT Integration
00:29:13 - Parting Wisdom: Empowering IT and OT Teams to Innovate Together

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

The Future of Cybersecurity Insurance with Observatory Holding’s CEO, Gerry Kennedy

Tue, 09 Apr 2024 04:00:00 -0700

Gerry Kennedy, CEO of Observatory Strategic Management, alongside Dino Busalachi, co-founder and CTO of Velta Technology, talk about the complex and evolving world of cybersecurity insurance. They unpack the nuances of IT and OT risk management, revealing how past incidents and technological advancements have shaped current practices.

Their discussion traverses the history from Y2K to present-day cybersecurity challenges, highlighting the crucial role of insurance in mitigating these risks. As they discuss their professional experiences and expert insights, the conversation sheds light on the importance of understanding legal and insurance frameworks in protecting against cyber threats.

This episode not only demystifies the intricate relationship between technology and insurance but also emphasizes the need for a holistic approach to cybersecurity, making it a must-listen for anyone looking to navigate the digital age safely.

Chapters:

00:00:00 - Unveiling the Shadows: The Hidden Dangers Behind Kinetic Events
00:01:04 - First Impressions: A Blizzard, A Hat, and The Cybersecurity Nexus
00:02:00 - The Road Less Traveled: From Texting Bans to Cybersecurity Vanguard
00:04:19 - From Y2K Fears to Today's Cyber Insurance: A Historical Perspective
00:05:20 - Bridging Worlds: The Indispensable Roles of IT and OT in Securing the Digital Frontier
00:08:47 - The Cyber Insurance Conundrum: Untangling the Web of IT and OT Risks
00:13:08 - Beyond the Code: Legal Frameworks Shaping Cybersecurity's Future
00:17:33 - Looking Ahead: The Interwoven Future of Insurance and Cybersecurity
00:20:33 - The Underwriter's Lens: Enhancing Insurance with Cybersecurity Insights
00:23:30 - A Call to Arms: The Imperative of Employee Awareness and OSHA's Emerging Role
00:25:00 - The Unseen Liability: Navigating the Risks of Digital Premises
00:28:45 - Fostering Unity: The Power of Community in Bolstering Cyber Resilience
00:31:50 - The Bedrock of Business: Operational Technology's Critical Role in Cybersecurity
00:32:28 - On the Horizon: The Evolving Interface of Cybersecurity and Operational

Links And Resources:

The State of OT Cybersecurity From the Field

Tue, 02 Apr 2024 04:00:00 -0700

Dino Busalachi and Craig Duckworth, leaders and co-founders of Velta Technology, are discussing the paramount importance of safety, quality, and cybersecurity in the operational technology (OT) sector.

Drawing from their extensive field experience, they illuminate the challenges and solutions in safeguarding industrial environments against cyber threats. Their discussion sheds light on the pervasive issue of underpreparedness in OT cybersecurity, highlighting the critical need for robust defense mechanisms.

By exploring the intersection of IT and OT cybersecurity strategies, they offer valuable perspectives on building resilient systems that can withstand the evolving landscape of cyber threats. Dino and Craig not only emphasize the urgency of addressing cybersecurity in industrial operations but they’re also giving actionable advice for organizations to fortify defenses and ensure operational continuity.

Chapters:

00:00:00 - Navigating the Cybersecurity Terrain in Operational Tech
00:02:37 - Ownership Dilemmas: Who Holds the Cybersecurity Reins?
00:04:07 - IT and OT: Collaborating for Stronger Cyber Defenses
00:05:22 - The Essential Cybersecurity Triad in Action
00:06:48 - Inside the Cyber Defense Strategy: Real-World Insights
00:08:15 - The Critical Role of Visibility in Cybersecurity
00:09:40 - Addressing the Cybersecurity Skills Gap in Industrial Sectors
00:11:05 - The Evolution of Cyber Threats in Operational Technology
00:13:50 - Key to Protection: Asset Inventories and Secure Remote Access
00:21:17 - Lessons from the Field: The Stakes of Cybersecurity Neglect
00:26:41 - Wrapping Up: Future Directions in OT Cyber Resilience

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Cybersecurity Missteps Putting the C-Suite at Risk

Tue, 26 Mar 2024 04:00:00 -0700

Craig Duckworth and Dino Busalachi CEO and CTO for Velta Technology, discuss the critical role of the C-suite in fortifying manufacturing environments against cyber threats.

Discussing the unique challenges that manufacturing organizations face, they make sure you understand the necessity for executive teams to actively engage in cybersecurity strategies.

With compelling arguments for a more involved C-suite, Craig and Dino explore the intersection of cybersecurity and operational efficiency, emphasizing the need for leadership to not only understand but also lead the charge in securing industrial control systems.

This episode serves as a wake-up call for executives to embrace their pivotal role in protecting their companies from cyber risks, highlighting that cybersecurity is not just an IT issue but a foundational aspect of modern business resilience.

Chapters:

00:00:00 - Meet the Minds Behind VELTA Technology's Cyber Initiatives
00:01:47 - Deciphering Cybersecurity's Extensive Influence on Manufacturing Dynamics
00:03:29 - Unpacking the Costs: The Stark Reality of Ignoring Cybersecurity
00:04:08 - The Interplay Between Cyber Insurance, Liability, and Organizational Security
00:05:07 - Charting the Course: Fundamental Actions for Cyber Resilience
00:07:35 - Implementing Cybersecurity Measures: A Tactical Overview for Manufacturing Leaders
00:10:54 - The Imperative of Continuous Monitoring in Mitigating Cyber Risks
00:14:11 - Bridging the Divide: Fostering Collaboration Between IT and OT Teams
00:17:06 - Cultivating Cyber-Aware Culture: Integrating Security into the Manufacturing DNA
00:20:01 - Forward Momentum: Strategic Insights for Executive Leadership on Cybersecurity
00:24:28 - Reflecting on the Imperatives of Cybersecurity in the Manufacturing Sector

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

S4x24 Insights & Reflections on Cybersecurity Market Trends

Tue, 19 Mar 2024 04:00:00 -0700

Dino Busalachi and Craig Duckworth share their experiences and takeaways from the recent S4 conference in Miami, shedding light on the evolving landscape of OT cybersecurity.

They discuss the criticality of IT and OT collaboration in overcoming industrial cybersecurity challenges, underlining key conference takeaways, including the emergence of new technologies, the importance of asset ownership, and the shifting dynamics within the cybersecurity realm.

Their conversation emphasizes the necessity of understanding and integrating the strengths of both IT and OT to forge a more secure future for industrial environments. Through their dialogue, you’ll gain a comprehensive view of current trends, challenges, and solutions at the intersection of technology and security, inspiring a proactive approach to cybersecurity in the industrial sector.

Chapters:

00:00:00 Meet the Hosts: Key Takeaways from S4 in Miami
00:01:38 A Fresh Perspective on Cybersecurity Conferences
00:03:17 Highlighting the Role of Asset Owners and Vendor Diversity
00:04:39 Navigating the OT Cybersecurity Landscape
00:06:38 Decoding the Investment in OT Cyber Protections
00:12:46 From Theory to Practice: Case Studies in Action
00:15:33 On the Horizon: Innovations and Evolving Strategies
00:23:57 Projecting the Path Forward for OT Security
00:27:23 Wrapping Up: Anticipations for the Future

Links And Resources:

S4 Conference
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Zero Trust in OT: Adapting IT's Playbook for Enhanced Security

Tue, 27 Feb 2024 04:00:00 -0700

Dino Busalachi and Jim Cook, the CTO and COO of VELTA Technology respectively, discuss the intersection between IT (Information Technology) and OT (Operational Technology) in the cybersecurity landscape. They emphasize that, while IT security measures have their value, they cannot be applied as-is to the OT environment due to significant variations in system operations, scale, and impact in case of breaches.

They stress the importance of holistic consideration of operations when devising cybersecurity measures for OT. They cover topics like zero trust environments, asset inventory, key points from IT’s playbook that may be suited, and ones that would prove challenging in OT – security lessons that need to be adapted rather than employed directly.

They bring in the element of digital safety being just as important as physical safety in an OT environment considering the potential physical outcomes as a result of breaches. The conversation reveals a need for IT professionals to work in collaboration with their OT counterparts for more effective and robust cybersecurity systems, even as the two roles begin to diverge more explicitly in terms of responsibilities and strategies.

Chapters:

00:00:00 - Merging Worlds: The Crucial IT-OT Convergence
00:02:10 - Zero Trust in OT: Navigating the Transition
00:10:04 - Asset Management: The Keystone of OT Security
00:12:50 - The Power of Eyes-On: Continuous Monitoring in OT
00:14:49 - IT's Supporting Role in Fortifying OT
00:18:08 - Shifting Gears: OT's Rising Responsibility
00:20:17 - Building Bridges: Engaging OT in the Cyber Dialogue
00:21:51 - Remote Access Risks: Navigating OT's Vulnerabilities
00:24:31 - Counting the Cost: The Impact of Neglecting OT Security
00:25:21 - Designing with Defense: Security-First Approaches in OT
00:27:44 - Digital Guardianship: Ensuring Safety in the OT Realm
00:30:25 - United Front: The Collaborative Role of IT and OT in Security
00:32:42 - Closing Thoughts: Envisioning the Future of OT Cybersecurity

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Foreign Cybersecurity Threats & Risks to ICS / OT Equipment

Tue, 20 Feb 2024 04:00:00 -0700

Dino Busalachi and Jim Cook of Velta Technology explore the shadowy realm of cybersecurity threats from foreign adversaries against ICS / Operational Technology (OT) equipment. They discuss the sophisticated methods by which foreign actors, particularly those sponsored by the CCP, use to infiltrate and undermine the very foundations of our society.

The conversation sheds light on recent government initiatives to root out these digital invaders, revealing a timely and evolving battle against cyber espionage. With expert insights into the challenges of detecting and combating these threats, the episode offers a riveting glimpse into the ongoing efforts to protect national security and the integrity of our critical systems.

Chapters:

00:00:00 - Cyber Threats 101: The Challenges of Protecting Critical Infrastructure
00:01:10 - The Enemy Within: How State-Sponsored Hackers Breach Our Defenses
00:02:20 - The Cyber Arms Race: How Attack Strategies Keep Evolving
00:05:18 - The Business Impact: How Cyber Threats Affect the Corporate World
00:06:44 - The Ripple Effect: How Cyber Attacks Have Wider Implications
00:12:29 - The Remote Access Risk: How to Secure Vulnerable Entry Points
00:15:13 - The Government Response: How Federal Initiatives Boost Cybersecurity
00:18:53 - The Resilience Roadmap: How to Advocate for Better Cybersecurity Measures
00:23:05 - The Urgent Call: How to Strengthen Digital and National Security

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Industrial Cybersecurity Lessons From the Field

Tue, 13 Feb 2024 04:00:00 -0700

Dino Busalachi and Jim Cook, CTO and COO for Velta Technology, invite you on an essential journey into 'Lessons from the Field' of industrial cybersecurity. Their expertise illuminates a landscape where the traditional boundaries between cybersecurity and industrial operations merge, revealing the complexities of protecting manufacturing's vital elements—the industrial control systems.

They shed light on the unintended consequences of standard information technology (IT) practices on OT environments. Instances like routine scans halting production or unexpected shutdowns due to remote access, are not merely warnings but narratives of resilience, creativity, and the relentless quest for security in the face of cyber threats.

This episode stands as a rallying cry for those who safeguard industrial cybersecurity, advocating for hands-on, field-based strategies to comprehend and shield the intricate mesh of machinery and technology that drives our industries.

Highlighting the need for constant alertness, cooperative problem-solving, and a steadfast dedication to a security culture beyond the fluctuating dynamics of staff and protocols, Dino and Jim's dialogue is more than a discussion on challenges—it's a tribute to the unwavering spirit of cybersecurity front-liners.

Serving as an invaluable guide for cybersecurity professionals, IT and OT managers, and all stakeholders in the digital and physical security sphere, this episode highlights the guardianship required against continuously evolving digital threats.

Chapters:

00:00:00 - Meet Our Cyber Guardians: Dino & Jim
00:01:25 - Field Tactics: Scanning for Cyber Safety
00:03:17 - Safeguarding with OT IDS: A Closer Look
00:05:41 - Ignoring Security: A Recipe for Risk
00:07:38 - Bridging IT and OT: A Unified Front Against Cyber Threats
00:15:10 - Evolving Cybersecurity: The Path of Continuous Learning
00:20:13 - Wrapping Up: The Essence of Discovery on the Cyber Frontline

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Asset Inventory and Management the IT versus the OT Way

Tue, 06 Feb 2024 04:00:00 -0700

How do you balance the needs of information technology (IT) and operational technology (OT), two domains that are often at odds with each other with priorities and protocols? How do you ensure the security, efficiency and safety of both the digital and the physical aspects of your operations?

In this episode, Dino Busalachi and Jim Cook take us on a deep dive into the complex worlds of asset and inventory management within both IT and OT, two crucial parts of a manufacturing or critical infrastructure organization. Drawing from their extensive experience, they reveal the unique challenges and methodologies of each domain.

They discuss the common lack of understanding around operational technology equipment, and the safety and performance implications of asset and inventory management for the industrial plant floor.

Whether you are an IT or OT professional, a business leader, or a curious listener, this episode will enlighten you on the dynamics of IT and OT, and inspire you to adopt a holistic and collaborative approach to asset inventories and management. Listen and learn how IT and OT can work together to create a more secure and efficient world.

Chapters:

00:00:00 - Unpacking IT vs. OT Asset Inventories
00:01:10 - The Crucial Role of Asset Inventories in Security
00:04:50 - Manufacturing Challenges: Inventory Management Insights
00:07:55 - Visual Inspections' Role in OT Inventory Checks
00:08:46 - Solving OT Network Connectivity Issues
00:11:30 - Implementing Passive Intrusion Detection in OT
00:14:56 - Addressing OT Network Sensitivity Challenges
00:16:18 - Lockout Tag Use in Operational Safety
00:17:50 - Leveraging Deep Packet Inspection for OT Security
00:22:06 - Integrating IT Strategies into OT Security
00:26:51 - OT's Impact on Minimizing Downtime
00:30:44 - Initiating OT Security Measures
00:33:14 - Highlighting the Risks in Neglecting OT Security

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Cybersecurity and Data Protection in Modern Manufacturing with Jim Fledderjohn, Dell Technologies

Tue, 30 Jan 2024 04:00:00 -0700

Jim Fledderjohn, a seasoned Manufacturing Field Director at Dell, takes us on a deep dive into the intricate world where operational technology (OT) meets information technology (IT), discussing the complexities and innovations reshaping today's manufacturing landscape.

He sheds light on Dell's strategic endeavors in fortifying industrial cybersecurity, emphasizing the pivotal role of digital safety in this era of technological revolution. From Dell Validated Designs to the importance of company culture and ownership of technology on the plant floor, and dynamics between IT and OT.

This episode is not just a conversation; it's a journey into understanding how the meticulous integration of data integrity and advanced technology is not just enhancing, but revolutionizing the manufacturing industry. Join us for an enlightening exploration of the future, as envisioned by one of Dell's leading minds.

Chapters:

00:00:00 - Intro: Welcoming Jim Fledderjohn & Topic Overview
00:00:59 - Dell's Manufacturing Insights: Bridging IT & OT
00:02:40 - Tackling IT-OT Integration Challenges
00:03:52 - Enhancing IT-OT Collaboration & Transparency
00:06:39 - Dell's Pivotal Role in Industrial Cybersecurity
00:09:09 - Digital Safety's Critical Role in IT & OT
00:13:08 - Cybersecurity's Influence on Corporate Reputation
00:15:56 - Emphasizing Continuous Monitoring in Operational Technology
00:22:43 - Leveraging Third-Party Expertise in OT Environments
00:26:09 - Wrapping Up: Key Takeaways & Concluding Thoughts

Links And Resources:

Jim Fledderjohn on LinkedIn
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Future Trends & Evolving Cybersecurity Threats with Simon Chassar, Claroty Former CRO

Tue, 23 Jan 2024 04:00:00 -0700

Today we welcome Simon Chassar, former CRO of Claroty, to the show. Simon and Craig Duckworth explore the ever-evolving cyber threats facing the industrial sector, underscoring the critical need for robust operational technology (OT) security. Simon highlights the unique challenges posed by legacy systems, their adaptation to modern security standards, and the necessity of industry-specific cybersecurity measures.

The conversation shifts to the role of regulation in driving security initiatives and the dire need for skilled professionals in this specialized field. They discuss the complexities of securing industrial control systems and emphasize the imperative of protecting society's critical infrastructure.

This episode is not just a discussion; it's a deep dive into the intricacies of industrial cybersecurity, blending expert insights with real-world implications, making it a must-listen for anyone concerned with the intersection of technology, security, and industrial resilience.

Chapters:

00:00:00 - Introduction to Simon Chassar and Cybersecurity in Industry
00:00:52 - Evolving Challenges in Industrial Cybersecurity
00:02:18 - Analyzing the Impact of Cyber Threats in Industrial Settings
00:05:28 - Critical Role of Cybersecurity in the Manufacturing Sector
00:07:06 - Anticipating the Future Trends in Industrial Cybersecurity
00:09:40 - Government's Influence and Regulatory Aspects in Cyber Protection
00:12:29 - Addressing the Cybersecurity Skills Gap and Education
00:13:44 - Emphasizing 'Secure by Design' in Digital Industrial Transformation
00:26:29 - Collaborative Approaches and Responsibility in Cybersecurity Initiatives
00:27:17 - Wrapping Up: Key Takeaways and Simon Chassar’s Final Insights

Links And Resources:

Simon Chassar on LinkedIn
Claroty
Simon on Twitter
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Operational Technology: A Case Study on Securing the Backbone of Manufacturing

Tue, 16 Jan 2024 04:00:00 -0700

Dino and Jim examine a case study from a Velta Technology client, showcasing the importance of continuous monitoring in industrial control systems (ICS). They highlight how proactive cybersecurity can prevent significant breaches, stressing the link between cyber and physical safety in industrial settings. They share insights on integrating IT and OT for stronger security and shed light on internal threats in manufacturing.

This concise yet comprehensive episode is crucial for anyone in cybersecurity, IT and OT management, industrial engineering, or manufacturing leadership. It provides practical yet key understandings of cybersecurity's role in protecting industrial operations.

Chapters:

00:00:00 - Opening Remarks: Introducing the Episode's Focus on OT Cybersecurity and Velta Technology
00:00:49 - Monitoring Industrial Systems: Exploring Why Vigilance in OT is Critical
00:01:28 - Velta Technology's Cybersecurity Success: A Deep Dive into Their Case Study
00:02:08 - The Role of Continuous Monitoring: Discussing Essential Tools and Strategies
00:06:43 - Combating Phishing and Embracing MFA: Practical Advice for Industrial Cybersecurity
00:08:23 - Responding to Breaches: The Impact on Businesses and the Value of Swift Action
00:16:35 - Cybersecurity ROI: Protecting Organizational Value and Investment Paybacks
00:20:39 - Due Diligence in Cybersecurity: Risks and Responsibilities in the OT Space
00:23:23 - Wrap-Up: Concluding Thoughts on OT Cybersecurity and Future Directions

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Cybersecurity A-Z in Manufacturing and Industrial Sectors with Armis CTO, Mick Coady

Tue, 09 Jan 2024 04:00:00 -0700

Dino Busalachi has a fascinating conversation with Mick Coady, CTO of Armis, exploring the intricate world of operational technology (OT) and cybersecurity.

Mick shares his extensive experience, from his early days in the field to his current role at Armis, offering valuable insights into the challenges and opportunities in OT cybersecurity.

He discusses the importance of IT-OT convergence, the role of technology in operational efficiency, and the evolving landscape of cybersecurity in critical infrastructures. He shares insights on the complexities of OT and how cybersecurity strategies are being shaped in this rapidly evolving field.

Chapters:

00:00:00 - Mick Coady's Introduction: Discover Mick's role as CTO of Armis and his professional background
00:00:56 - Entering the Cybersecurity World: Explore Mick's journey into the field of cybersecurity.
00:03:14 - OT Challenges in Manufacturing: Insights into unique cybersecurity challenges faced by manufacturing organizations
00:05:36 - Bridging IT and OT: Discussion on the convergence of Information Technology and Operational Technology
00:08:57 - OEM's Influence in OT: Examining the role of Original Equipment Manufacturers in the OT landscape
00:12:12 - Cybersecurity Partnerships: The critical role of partnerships in enhancing cybersecurity measures
00:23:40 - Navigating Cybersecurity Regulations: Insights into the regulatory aspects of cybersecurity
00:26:59 - Wrapping Up: Conclusion of the conversation with Mick Coady and closing remarks

Links And Resources:

Mick Coady on LinkedIn
Armis
Mick Coady on Twitter
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Equipping OT Cybersecurity Frontlines With Training and Tech with Cloud Range CEO Debbie Gordon

Tue, 02 Jan 2024 04:00:00 -0700

We sit down with Debbie Gordon, the CEO of Cloud Range Cyber, to explore the groundbreaking world of cybersecurity training for ICS and the Operational Technology frontlines. Debbie shares her expertise on how virtualized training environments are transforming the way cybersecurity teams prepare for and respond to cyber attacks. We get into the significance of experiential learning in cybersecurity, discuss the challenges of talent shortages and the necessity for continuous, hands-on training. Listeners will gain a comprehensive understanding of how Cloud Range’s innovative approach is equipping cyber defense teams to face the ever-evolving landscape of cyber threats.

Chapters:

00:00:00 - Introducing Debbie Gordon: CEO of Cloud Range Cyber
00:00:59 - Exploring Cloud Range: A Revolutionary Virtual Cyber Range Platform
00:02:11 - The Critical Role of Simulated Cybersecurity Exercises
00:03:27 - Adapting to the Evolving Cybersecurity Threat Landscape
00:05:48 - The Genesis of Cloud Range: Innovating Cyber Training
00:08:11 - Addressing the Cybersecurity Skills Gap: Challenges and Solutions
00:11:23 - Customizing Training with Cloud Range for Effective Talent Development
00:16:02 - Harnessing Creativity and Analytical Skills in Cyber Defense
00:21:06 - Cybersecurity in the Post-COVID Era: New Challenges and Approaches
00:27:28 - Key Strategies for Organizations Embarking on Cybersecurity

Links And Resources:

Debbie Gordon on LinkedIn
Cloud Range Cyber
Debbie Gordon on Twitter
Cloud Range Cyber on Facebook
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

High Visibility Cyber Attacks from MGM to Clorox to Critical Infrastructure: Risks and Responses

Tue, 26 Dec 2023 04:00:00 -0700

Join us for an insightful conversation with Dino Busalachi, CTO; and Craig Duckworth, President and CEO, of Velta Technology. They also share their perspectives on some of the recent cyber attacks that have shaken the OT space, such as the Oldsmar water plant, the Colonial Pipeline, and the MGM casino. Dino and Craig reveal how they help various industrial sectors, from manufacturing to gaming, protect their operational technology systems from cyber threats.

They explain how IT and OT cybersecurity differ and overlap, and how to foster a collaborative and effective approach. They also highlight the key elements of a robust OT cybersecurity strategy, such as a defensible architecture, a continuous monitoring system, a vulnerability management program, a secure remote access tool, and an incident response plan. They also share some of the best practices, common pitfalls, and future trends in the OT cybersecurity field.

Chapters:

00:00:00 - Welcome to the Industrial Cybersecurity Insider Podcast
00:01:11 - How Hackers Tried to Poison a Florida City’s Water Supply
00:02:57 - The Unique Challenges and Opportunities of OT Cybersecurity in Manufacturing
00:04:15 - How to Secure Remote Access to Your Industrial Systems
00:06:37 - How a Ransomware Attack Shut Down a Major US Pipeline
00:07:20 - Why You Need to Monitor Your OT Network and Assets
00:09:49 - How to Bridge the Gap Between IT and OT Teams
00:20:12 - How Cyber Attacks Can Affect the Casino Business and Customers
00:23:12 - How Cybersecurity Insurance and Legal Issues Can Impact Your OT Strategy
00:26:35 - Key Takeaways and Tips from VELTA Technology Experts

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Innovation, Regulation and Education in ICS Cybersecurity with Nozomi’s Danielle Jablanski

Tue, 19 Dec 2023 04:00:00 -0700

In this week's episode, Danielle Jablanski, an OT cybersecurity strategist at Nozomi Networks, discusses the current and future landscape of OT cybersecurity with Velta Technology's CTO, Dino Busalachi. Danielle shares her unique perspective as a former market analyst, a current educator, and a passionate advocate for OT security. She discusses the cultural and technical challenges of bridging the IT/OT divide, the impact of regulation and liability on OT security, the importance of building strong foundations and defensible architectures, and the need for workforce enablement and development. She also gives us some practical tips and resources on how to learn more about OT cybersecurity and how to apply it in different contexts and scenarios.

Chapters:

00:00:00 - Introduction and Overview with Danielle Jablanski
00:00:56 - Defining the Role of an OT Cybersecurity Strategist
00:01:54 - IT and OT: Collaboration and Challenges
00:03:28 - Professional Services in IT-OT Integration
00:05:37 - Contextualizing Security in the OT Environment
00:08:08 - Executive Leadership in OT Security Implementation
00:13:01 - Enhancing OT Security Through Workforce Development
00:17:21 - Future Outlook on OT Cybersecurity Trends
00:21:07 - Educational Resources for Advancing in OT Security
00:24:03 - Key Takeaways and Practical Tips in OT Security

Links And Resources:

Danielle Jablanski(DJ) on LinkedIn
Nozomi Networks
Atlantic Council
Industrial Cyber
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

ICS Cybersecurity Knowns, Unknowns, and Actions to Take with Industry Expert & S4 Founder Dale Peterson

Tue, 12 Dec 2023 04:00:00 -0700

Craig Duckworth is joined by Dale Peterson, an esteemed figure in Industrial Control System (ICS) security. They explore the intricate interplay between Information Technology and Operational Technology, shedding light on the evolving challenges in cybersecurity for industrial sectors. Dale, with his rich background from founding the S4 conference to pioneering cybersecurity innovations, imparts invaluable insights for those navigating the complex landscape of industrial digital security, making this episode a must-listen for anyone invested in the future of industrial cybersecurity.

Chapters:

00:00:00 - Introduction: Craig Duckworth Welcomes Dale Peterson, ICS Security Expert
00:01:09 - Dale's Entry into Industrial Cybersecurity: Beginnings and Motivations
00:02:49 - Tracing the Transformation of Industrial Cybersecurity Over Time
00:03:53 - Addressing the Skills Gap in Industrial Cybersecurity
00:04:53 - Communicating Effectively in the World of Cybersecurity
00:06:10 - Delving Deeper into the Evolution of Industrial Cybersecurity
00:10:57 - The Critical Role of Metrics in Enhancing Cybersecurity
00:12:37 - Navigating Cybersecurity Regulations in Industrial Sectors
00:19:27 - The Genesis and Goals of the S4 Conference
00:25:25 - Expert Guidance for Thriving in Industrial Cybersecurity
00:28:58 - Wrapping Up: Key Takeaways and Conclusion

Links And Resources:

Unmasking Industrial Cybersecurity Threats and Solutions with Dave Purdy of TXOne Networks

Tue, 05 Dec 2023 04:00:00 -0700

We delve into the intricate world of operational technology (OT) cybersecurity with industry expert Dave Purdy. With his extensive experience transitioning from IT to OT, Dave discusses the unique challenges and vulnerabilities in protecting critical infrastructure and industrial networks. He shares his insights on safeguarding legacy systems, the importance of specialized skill sets in OT cybersecurity, and the evolving threats in this space. This conversation provides a comprehensive look at the current state and future direction of cybersecurity in operational technology, offering valuable takeaways for professionals in this field.

Chapters:

00:00:00 - Introduction to the World of OT Cybersecurity with Expert Dave Purdy
00:01:19 - Dave's Journey: Shifting Focus from IT to OT
00:02:54 - Exploring Unique Market Challenges in OT Cybersecurity
00:03:44 - Tackling the Complexities of Legacy Systems in Industrial Networks
00:05:04 - Cybersecurity: A Key Business Priority in the Digital Age
00:06:38 - The Influence of Cybersecurity on Industrial Insurance Policies
00:09:02 - Effective Strategies for Overcoming Cybersecurity Hurdles
00:14:33 - Tailoring Cybersecurity Solutions Across Various Industries
00:23:17 - Essential Tips for Organizations Embarking on Cybersecurity Initiatives
00:25:09 - Wrapping Up: Key Insights and Final Thoughts from Dave Purdy

Links And Resources:

Dave Purdy on LinkedIn
TXOne Networks
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Apple Podcasts and leave us a review!

Holidays & Hackers: Keeping Industrial Control Systems Safe

Tue, 28 Nov 2023 04:00:00 -0700

Dino Busalachi, CTO and co-founder, and Jim Cook, COO from Velta Technology, discuss the heightened risks of cybersecurity during the holiday season, especially in industrial environments. They explore how reduced staffing, increased remote access, and operational shutdowns create vulnerabilities in control systems. They dive into the importance of maintaining operational resilience and the necessity of robust cybersecurity measures. Practical advice and experiences are shared, emphasizing the need for preparedness and vigilance in safeguarding against cyber threats during this critical period.

Chapters:

00:00:00 - Cybersecurity Challenges During the Holiday season
00:00:50 - Examining Cybersecurity Vulnerabilities During the Holiday Season
00:01:21 - Strategies for Effective Incident Response in Cybersecurity
00:02:19 - Analyzing Holiday Season Vulnerabilities in Control Systems
00:02:53 - Effect of Reduced Staffing on Cybersecurity During Holidays
00:04:54 - Supply Chain's Role in Ensuring Cybersecurity
00:06:39 - Preparing for Cyber Threats: Key Strategies and Tips
00:08:57 - Utilizing Advanced Tools and Technologies for Cybersecurity
00:11:20 - Identifying and Mitigating Cybersecurity Risks and Threats
00:15:01 - Importance of Continuous Monitoring in Cybersecurity
00:17:10 - Building Operational Resilience Against Cyber Threats
00:21:59 - Addressing Cybersecurity Issues: Admitting and Tackling Problems
00:24:40 - Wrapping Up: Key Takeaways and Final Thoughts on Cybersecurity

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Apple Podcasts and leave us a review!

Cybersecurity Threats and Insurance Solutions with Rogan Dwyer

Tue, 21 Nov 2023 04:00:00 -0700

Craig Duckworth engages with Rogan Dwyer, a seasoned expert in the insurance space, to unravel the complexities of cybersecurity insurance. Dwyer, with his extensive background in risk mitigation and insurance, delves into the evolving landscape of cyber threats and the insurance industry's response to these challenges. They discuss the necessity of integrating insurance with broader risk management strategies and the importance of board-level understanding and involvement in cybersecurity.

Chapters:

00:00:00 – Diving Into the World of Cybersecurity Insurance
00:02:20 – Decoding Client Risks: A Critical Look at Policy Impacts
00:04:50 – The Hunt for Premium Clients: A Strategic Approach for Insurers
00:07:15 – The Future is Now: Innovations in Underwriting and Risk Mitigation
00:09:45 – Claims & Onboarding: Mastering Efficiency in Insurance
00:12:20 – Leaders in the Limelight: Executive Roles in Cyber Insurance Decisions
00:14:55 – Navigating Financial Hurdles: Large Loss Recovery Tactics
00:18:40 – Boardroom Dynamics: Steering the Insurance Decision Course
00:22:25 – Risk Management SOS: Where to Turn for Expert Advice
00:23:40 – Cyber Risks and Corporate Strategies: An Insurance Perspective
00:24:55 – Building Bridges: Collaborative Efforts in Risk and Insurance
00:28:40 – Key Takeaways: The Essence of Today's Cyber Insurance Talk

Links And Resources:

Rogan Dwyer on LinkedIn
Observatory Strategic Management
Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Apple Podcasts and leave us a review!

Missteps and Common Blunders with Manufacturing, ICS and Cybersecurity

Tue, 14 Nov 2023 04:00:00 -0700

We delve into the complex world of cybersecurity in the industrial sector. Our experts, Dino Busalachi and Craig Duckworth, unpack the nuances of IT/OT convergence, the gaping holes in cybersecurity insurance, and the unique challenges faced by manufacturers across a diverse array of plants. They share firsthand experiences of cybersecurity incidents that have led to significant operational disruptions, highlighting the critical need for a robust security framework in the industrial control space. This conversation is a must-listen for anyone invested in the safeguarding of our industrial infrastructure for manufacturing and critical infrastructure organizations.

Chapters:

00:00:00 - Exploring Industrial Cybersecurity: Insights into the Industrial Security Landscape
00:03:00 - Crisis Averted: Rescuing IP Addresses from a Denial of Service Attack
00:04:47 - Concerns Raised: Unauthorized Scanning of Control System Networks
00:07:30 - Costly Consequences: Duplicate IP Address Mishap in Automotive Manufacturing
00:10:27 - Managing Risks in Diverse Industrial Environments
00:12:00 - Cybersecurity Risks in Industrial Control Systems: Default Passwords on Plant Printers
00:14:03 - Firewall Limitations in the Realm of Industrial Cybersecurity
00:16:36 - Challenges in Handling Equipment and Software in Industrial Environments
00:20:22 - Bridging the Gap: Applying IT Practices to Operational Technology
00:22:56 - Recruiting Cybersecurity Talent for Industrial Control Systems: Challenges and Solutions
00:26:35 - Assigning Roles: The Importance of OT Cybersecurity in Industrial Facilities

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Apple Podcasts and leave us a review!

The Ins and Outs of Cybersecurity Talent for OT ICS Roles

Mon, 06 Nov 2023 09:00:00 -0700

We delve into the critical intersection of finding talent for operational technology and cybersecurity roles within industrial environments. Dino and Jim engage in a discussion about the urgent need for cyber talent for industrial environments including manufacturing and critical infrastructure environments. They explore the potential for a new breed of cyber ops roles, the current state of industrial cybersecurity educational offerings, and the importance of immersing yourself in industrial environments to truly understand and protect the plant floor. This episode is a must-listen for anyone invested in the future of industrial safety and cybersecurity.

Chapters:

00:00:00 - Meet the Leadership Team at Velta Technology
00:03:57 - Closing the Gap: Collaborating Between IT and Engineering for Industrial Cybersecurity
00:07:32 - Prioritizing Safety and Work Environment in Industrial Operations
00:11:28 - Cybersecurity's Vital Role and the Demand for Technical Expertise
00:13:05 - Dispelling Myths and Confronting Challenges in Industrial Cybersecurity
00:16:16 - The Imperative for Cybersecurity Training and Education
00:20:42 - Enhancing Cybersecurity Measures and Data Management in Modern Machine Centers

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Apple Podcasts and leave us a review!

Cybersecurity Unveiled Through IT and OT Alignment

Tue, 31 Oct 2023 04:00:00 -0700

Jim and Dino dive deep into the intricate world of IT and OT convergence, exploring the unseen challenges and silent variables that permeate the manufacturing floor. From the metaphorical porcupines of IT issues to the invisible activities within plant walls, the discussion unveils the criticality of aligning IT and OT for robust industrial control system security. They also navigate through the complexities of managing varied technologies across different plants, especially in the context of mergers and acquisitions, offering listeners a rare glimpse into the delicate balancing act of thinking globally while acting locally in manufacturing cybersecurity.

Chapters:

00:00:00 Exploring IT and OT Convergence in Industrial Cybersecurity
00:04:37 Navigating Equipment Lifecycles: The IT and OT Dilemma
00:10:22 Behind Plant Walls: Understanding Network Connections in Manufacturing
00:12:45 Securing Industrial Controls: The Value of Dedicated OT Firewalls
00:16:32 Importance of focusing on all layers of the OSI Model
00:20:54 Decoding the Tech Enigma: Cybersecurity Governance and the C-Suite
00:21:44 The CFO Discovering Hidden Industrial Plant Floor Assets Story
00:23:25 The Cornerstone of Cybersecurity: Maintaining Accurate IT Inventory in Manufacturing

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Industrial Cybersecurity Insider Intro

Mon, 09 Oct 2023 04:00:00 -0700

Created by Velta Technology, 'Industrial Cybersecurity Insider' offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!

Links And Resources:

Velta Technology
Dino Busalachi on LinkedIn
Jim Cook on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Apple Podcasts and leave us a review!